From 97a248d47fa69d81cc1f9f14709a4cbea70deceb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Aug 2018 13:17:24 -0700 Subject: [PATCH 1/2] s3: VFS: vfs_full_audit: Add $cwd arg to smb_fname_str_do_log(). Not yet used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider (cherry picked from commit 59f13347260f5c4367c709eb07139f2ba7ddad72) --- source3/modules/vfs_full_audit.c | 36 ++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index bd904e8ef87..c734a4ddb18 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -649,7 +649,8 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle, /** * Return a string using the do_log_ctx() */ -static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname) +static const char *smb_fname_str_do_log(const struct smb_filename *cwd, + const struct smb_filename *smb_fname) { char *fname = NULL; NTSTATUS status; @@ -669,7 +670,7 @@ static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname) */ static const char *fsp_str_do_log(const struct files_struct *fsp) { - return smb_fname_str_do_log(fsp->fsp_name); + return smb_fname_str_do_log(fsp->conn->cwd_fname, fsp->fsp_name); } /* Implementation of vfs_ops. Pass everything on to the default @@ -1008,7 +1009,7 @@ static int smb_full_audit_open(vfs_handle_struct *handle, do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s", ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } 
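Review bot: The doc comment above smb_fname_str_do_log() in the first hunk still reads only "Return a string using the do_log_ctx()", so the new `cwd` parameter is undocumented. Since the follow-up patch dereferences it, the comment should say what it is for and whether it may be NULL, for example `* @cwd: current directory of the connection, used to make a relative smb_fname->base_name absolute; must not be NULL.` The same contract applies to fsp_str_do_log() in the next hunk, which now reads `fsp->conn->cwd_fname` in addition to `fsp->fsp_name`. The body of smb_fname_str_do_log() continues outside this hunk.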
@@ -1082,7 +1083,8 @@ static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle, do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s|%s|%s", access_mask, create_options & FILE_DIRECTORY_FILE ? "dir" : "file", - str_create_disposition, smb_fname_str_do_log(smb_fname)); + str_create_disposition, + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1321,8 +1323,8 @@ static int smb_full_audit_rename(vfs_handle_struct *handle, result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst); do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", - smb_fname_str_do_log(smb_fname_src), - smb_fname_str_do_log(smb_fname_dst)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname_src), + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname_dst)); return result; } @@ -1404,7 +1406,7 @@ static int smb_full_audit_stat(vfs_handle_struct *handle, result = SMB_VFS_NEXT_STAT(handle, smb_fname); do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1430,7 +1432,7 @@ static int smb_full_audit_lstat(vfs_handle_struct *handle, result = SMB_VFS_NEXT_LSTAT(handle, smb_fname); do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1456,7 +1458,7 @@ static int smb_full_audit_unlink(vfs_handle_struct *handle, result = SMB_VFS_NEXT_UNLINK(handle, smb_fname); do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } 
@@ -1567,7 +1569,7 @@ static int smb_full_audit_ntimes(vfs_handle_struct *handle, result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft); do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -2004,7 +2006,8 @@ static NTSTATUS smb_full_audit_get_compression(vfs_handle_struct *handle, do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle, "%s", - (fsp ? fsp_str_do_log(fsp) : smb_fname_str_do_log(smb_fname))); + (fsp ? fsp_str_do_log(fsp) : + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname))); return result; } @@ -2035,7 +2038,7 @@ static NTSTATUS smb_full_audit_readdir_attr(struct vfs_handle_struct *handle, status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data); do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s", - smb_fname_str_do_log(fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, fname)); return status; } @@ -2055,7 +2058,7 @@ static NTSTATUS smb_full_audit_get_dos_attributes( NT_STATUS_IS_OK(status), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return status; } @@ -2095,7 +2098,7 @@ static NTSTATUS smb_full_audit_set_dos_attributes( NT_STATUS_IS_OK(status), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return status; } @@ -2148,7 +2151,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, mem_ctx, ppdesc); do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle, - "%s", smb_fname_str_do_log(smb_fname)); + "%s", smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } 
@@ -2194,7 +2197,8 @@ static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle, access_denied); do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle, - "%s", smb_fname_str_do_log(file)); + "%s", + smb_fname_str_do_log(handle->conn->cwd_fname, file)); return result; } -- 2.19.0.rc0.228.g281dcd1b4d0-goog From 5bdbba237d8efb31982f6c91791b45b40d5c841f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Aug 2018 13:37:27 -0700 Subject: [PATCH 2/2] s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Mon Aug 27 20:23:55 CEST 2018 on sn-devel-144 (cherry picked from commit 4d72ebb821518c25e4759ad697d5e18257f80765) --- source3/modules/vfs_full_audit.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index c734a4ddb18..2ab7d83957b 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -658,6 +658,32 @@ static const char *smb_fname_str_do_log(const struct smb_filename *cwd, if (smb_fname == NULL) { return ""; } + + if (smb_fname->base_name[0] != '/') { + char *abs_name = NULL; + struct smb_filename *fname_copy = cp_smb_filename( + do_log_ctx(), + smb_fname); + if (fname_copy == NULL) { + return ""; + } + + if (!ISDOT(smb_fname->base_name)) { + abs_name = talloc_asprintf(do_log_ctx(), + "%s/%s", + cwd->base_name, + smb_fname->base_name); + } else { + abs_name = talloc_strdup(do_log_ctx(), + cwd->base_name); + } + if (abs_name == NULL) { + return ""; + } + fname_copy->base_name = abs_name; + smb_fname = fname_copy; + } + status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname); if (!NT_STATUS_IS_OK(status)) { return ""; -- 2.19.0.rc0.228.g281dcd1b4d0-goog
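Review bot: In the new relative-path branch of smb_fname_str_do_log(), `cwd->base_name` is read without checking `cwd`, and every caller in the previous patch passes `handle->conn->cwd_fname` or `fsp->conn->cwd_fname` unchecked. Whether that pointer is always set when an audited operation runs is not visible here; if it can be NULL, the audit path crashes the server process instead of writing a record. A guard that falls back to the unmodified name keeps the record, e.g. `if (smb_fname->base_name[0] != '/' && cwd != NULL && cwd->base_name != NULL) {`. Separately, when `cwd->base_name` is "/" the `"%s/%s"` format yields a path starting with "//", which may trip log consumers that match on path prefixes. The function starts and ends outside this hunk.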