The Samba-Bugzilla – Attachment 17369 Details for
Bug 15098
vfs_full_audit logs 'all' if incorrect operation is used
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 4.16.next, 4.15.next.
bug-15098-4.16.patch (text/plain), 8.14 KB, created by
Jeremy Allison
on 2022-06-17 16:08:04 UTC
(
hide
)
Description:
git-am fix for 4.16.next, 4.15.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2022-06-17 16:08:04 UTC
Size:
8.14 KB
patch
obsolete
>From b84928706b81cccd89ecedf8f81b72210a75ba87 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 16 Jun 2022 11:57:58 -0700 >Subject: [PATCH 1/3] s3: test: Add tests to show we still connect to a > full_audit share with a bad success or fail VFS names. > >Add knownfail. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit fe78d3c014d1756fe628175baeaa08c58e3e2f02) >--- > selftest/knownfail.d/full_audit_badname | 2 ++ > selftest/target/Samba3.pm | 8 ++++++ > source3/script/tests/test_bad_auditnames.sh | 29 +++++++++++++++++++++ > source3/selftest/tests.py | 6 +++++ > 4 files changed, 45 insertions(+) > create mode 100644 selftest/knownfail.d/full_audit_badname > create mode 100755 source3/script/tests/test_bad_auditnames.sh > >diff --git a/selftest/knownfail.d/full_audit_badname b/selftest/knownfail.d/full_audit_badname >new file mode 100644 >index 00000000000..b353875fb4e >--- /dev/null >+++ b/selftest/knownfail.d/full_audit_badname >@@ -0,0 +1,2 @@ >+^samba3.blackbox.test_full_audit_success_badname.Cannot\ connect\ to\ share\ full_audit_success_bad_name\(fileserver\) >+^samba3.blackbox.test_full_audit_fail_badname.Cannot\ connect\ to\ share\ full_audit_fail_bad_name\(fileserver\) >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index b260f26cbc0..df94e358a6e 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -3292,6 +3292,14 @@ sub provision($$) > [acls_non_canonical] > copy = tmp > acl flag inherited canonicalization = no >+ >+[full_audit_success_bad_name] >+ copy = tmp >+ full_audit:success = badname >+ >+[full_audit_fail_bad_name] >+ copy = tmp >+ full_audit:failure = badname > "; > > close(CONF); >diff --git a/source3/script/tests/test_bad_auditnames.sh b/source3/script/tests/test_bad_auditnames.sh >new file mode 100755 >index 00000000000..69ddf1436f4 >--- /dev/null >+++ b/source3/script/tests/test_bad_auditnames.sh >@@ -0,0 +1,29 @@ >+#!/bin/sh >+ >+# this tests a full audit share with bad VFS >+# names will not allow connection. >+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098 >+ >+if [ $# -lt 5 ]; then >+ cat <<EOF >+Usage: $0 SERVER SHARE USERNAME PASSWORD SMBCLIENT >+EOF >+ exit 1 >+fi >+ >+SERVER="$1" >+SHARE="$2" >+USERNAME="$3" >+PASSWORD="$4" >+SMBCLIENT="$5" >+SMBCLIENT="$VALGRIND ${SMBCLIENT}" >+ >+incdir=$(dirname "$0")/../../../testprogs/blackbox >+. "$incdir/subunit.sh" >+ >+can_connect() >+{ >+ $SMBCLIENT //"$SERVER"/"$SHARE" -U"$USERNAME"%"$PASSWORD" -c "ls" | grep "tree connect failed: NT_STATUS_UNSUCCESSFUL" >/dev/null 2>&1 >+} >+ >+testit "Cannot connect to share $SHARE" can_connect || failed=$((failed + 1)) >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index 40c2fb63f62..ca7bdde2509 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -665,6 +665,12 @@ for env in ["fileserver"]: > plantestsuite("samba3.blackbox.fifo", env, > [os.path.join(samba3srcdir, "script/tests/test_fifo.sh"), > '$SERVER', '$DOMAIN', 'gooduser', '$PASSWORD', '$PREFIX', env, smbclient3]) >+ plantestsuite("samba3.blackbox.test_full_audit_success_badname", env, >+ [os.path.join(samba3srcdir, "script/tests/test_bad_auditnames.sh"), >+ '$SERVER', 'full_audit_success_bad_name', '$USERNAME', '$PASSWORD', smbclient3]) >+ plantestsuite("samba3.blackbox.test_full_audit_fail_badname", env, >+ [os.path.join(samba3srcdir, "script/tests/test_bad_auditnames.sh"), >+ '$SERVER', 'full_audit_fail_bad_name', '$USERNAME', '$PASSWORD', smbclient3]) > > for env in ["fileserver:local"]: > plantestsuite("samba3.blackbox.net_usershare", env, [os.path.join(samba3srcdir, "script/tests/test_net_usershare.sh"), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', smbclient3]) >-- >2.34.1 > > >From 2b0315d56a7b7b5015059bebd79682ba274d2024 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 16 Jun 2022 12:00:26 -0700 >Subject: [PATCH 2/3] s3: VFS: full_audit: Use correct DBG_ print messages in > init_bitmap(). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit ec91a583708c57d0da28da7b70e6366153129c64) >--- > source3/modules/vfs_full_audit.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > >diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c >index 5903849931e..002f1645c54 100644 >--- a/source3/modules/vfs_full_audit.c >+++ b/source3/modules/vfs_full_audit.c >@@ -511,13 +511,13 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops) > struct bitmap *bm; > > if (ops == NULL) { >+ DBG_ERR("init_bitmap, ops list is empty (logic error)\n"); > return NULL; > } > > bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST); > if (bm == NULL) { >- DEBUG(0, ("Could not alloc bitmap -- " >- "defaulting to logging everything\n")); >+ DBG_ERR("Could not alloc bitmap\n"); > return NULL; > } > >@@ -559,8 +559,7 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops) > } > } > if (i == SMB_VFS_OP_LAST) { >- DEBUG(0, ("Could not find opname %s, logging all\n", >- *ops)); >+ DBG_ERR("Could not find opname %s\n", *ops); > TALLOC_FREE(bm); > return NULL; > } >-- >2.34.1 > > >From 3c6cdfd8b541f2511fe4d7852579c42657fb6b1b Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 16 Jun 2022 12:05:19 -0700 >Subject: [PATCH 3/3] s3: VFS: full_audit. Ensure the module doesn't load if an > operation name is miss-spelled or otherwise unknown. > >Document this new behavior. Remove knownfail. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15098 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 69bb8853f61212074a7095055fb3570660a1cc27) >--- > docs-xml/manpages/vfs_full_audit.8.xml | 5 +++++ > selftest/knownfail.d/full_audit_badname | 2 -- > source3/modules/vfs_full_audit.c | 10 ++++++++++ > 3 files changed, 15 insertions(+), 2 deletions(-) > delete mode 100644 selftest/knownfail.d/full_audit_badname > >diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml >index fc08845ac3c..dcd71fa9b64 100644 >--- a/docs-xml/manpages/vfs_full_audit.8.xml >+++ b/docs-xml/manpages/vfs_full_audit.8.xml >@@ -156,6 +156,11 @@ > the VFS operations and none of the VFS operations respectively. > </para> > >+ <para>If an unknown operation name is used (for example an operation name >+ is miss-spelled), the module will fail to load and clients will >+ be refused connections to a share using this module. >+ </para> >+ > <para><command>vfs_full_audit</command> records operations in fixed > format consisting of fields separated by '|' characters. The > format is: </para> >diff --git a/selftest/knownfail.d/full_audit_badname b/selftest/knownfail.d/full_audit_badname >deleted file mode 100644 >index b353875fb4e..00000000000 >--- a/selftest/knownfail.d/full_audit_badname >+++ /dev/null >@@ -1,2 +0,0 @@ >-^samba3.blackbox.test_full_audit_success_badname.Cannot\ connect\ to\ share\ full_audit_success_bad_name\(fileserver\) >-^samba3.blackbox.test_full_audit_fail_badname.Cannot\ connect\ to\ share\ full_audit_fail_bad_name\(fileserver\) >diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c >index 002f1645c54..8fa1ada9fcb 100644 >--- a/source3/modules/vfs_full_audit.c >+++ b/source3/modules/vfs_full_audit.c >@@ -747,9 +747,19 @@ static int smb_full_audit_connect(vfs_handle_struct *handle, > pd->success_ops = init_bitmap( > pd, lp_parm_string_list(SNUM(handle->conn), "full_audit", > "success", none)); >+ if (pd->success_ops == NULL) { >+ DBG_ERR("Invalid success operations list. Failing connect\n"); >+ SMB_VFS_NEXT_DISCONNECT(handle); >+ return -1; >+ } > pd->failure_ops = init_bitmap( > pd, lp_parm_string_list(SNUM(handle->conn), "full_audit", > "failure", none)); >+ if (pd->failure_ops == NULL) { >+ DBG_ERR("Invalid failure operations list. Failing connect\n"); >+ SMB_VFS_NEXT_DISCONNECT(handle); >+ return -1; >+ } > > /* Store the private data. */ > SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL, >-- >2.34.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review?
(
slow
)
rpenny
:
review-
Actions:
View
Attachments on
bug 15098
:
17356
|
17365
| 17369