The Samba-Bugzilla – Attachment 5381 Details for
Bug 4025
vfs_full_audit.c success/fail config needs logical NOT
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Tested patch
0001-s3-vfs_full_audit.c-implement-negated-vfs_ops-in-the.patch (text/plain), 3.65 KB, created by
Holger Hetterich
on 2010-02-18 08:31:14 UTC
(
hide
)
Description:
Tested patch
Filename:
MIME Type:
Creator:
Holger Hetterich
Created:
2010-02-18 08:31:14 UTC
Size:
3.65 KB
patch
obsolete
>From 3ae10182b94ef4ea4b2ce217f858584cb33c4e8f Mon Sep 17 00:00:00 2001 >From: Holger Hetterich <hhetter@novell.com> >Date: Thu, 18 Feb 2010 15:13:59 +0100 >Subject: [PATCH] s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure list > >Supports negated arguments in configuration like: >full_audit:success = all !readdir !telldir !closedir >Update the manpage accordingly. >Part of BSO#4025 >--- > docs-xml/manpages-3/vfs_full_audit.8.xml | 11 +++++++---- > source3/modules/vfs_full_audit.c | 18 +++++++++++++----- > 2 files changed, 20 insertions(+), 9 deletions(-) > >diff --git a/docs-xml/manpages-3/vfs_full_audit.8.xml b/docs-xml/manpages-3/vfs_full_audit.8.xml >index 1d519e2..9c9dc84 100644 >--- a/docs-xml/manpages-3/vfs_full_audit.8.xml >+++ b/docs-xml/manpages-3/vfs_full_audit.8.xml >@@ -184,7 +184,8 @@ > <listitem> > <para>LIST is a list of VFS operations that should be > recorded if they succeed. Operations are specified using >- the names listed above. >+ the names listed above. Operations can be unset by prefixing >+ the names with "!". > </para> > > </listitem> >@@ -195,7 +196,8 @@ > <listitem> > <para>LIST is a list of VFS operations that should be > recorded if they failed. Operations are specified using >- the names listed above. >+ the names listed above. Operations can be unset by prefixing >+ the names with "!". > </para> > > </listitem> >@@ -232,7 +234,8 @@ > > <para>Log file and directory open operations on the [records] > share using the LOCAL7 facility and ALERT priority, including >- the username and IP address:</para> >+ the username and IP address. Logging excludes the open VFS function >+ on failures:</para> > > <programlisting> > <smbconfsection name="[records]"/> >@@ -240,7 +243,7 @@ > <smbconfoption name="vfs objects">full_audit</smbconfoption> > <smbconfoption name="full_audit:prefix">%u|%I</smbconfoption> > <smbconfoption name="full_audit:success">open opendir</smbconfoption> >- <smbconfoption name="full_audit:failure">all</smbconfoption> >+ <smbconfoption name="full_audit:failure">all !open</smbconfoption> > <smbconfoption name="full_audit:facility">LOCAL7</smbconfoption> > <smbconfoption name="full_audit:priority">ALERT</smbconfoption> > </programlisting> >diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c >index 19ac7ad..c3b5167 100644 >--- a/source3/modules/vfs_full_audit.c >+++ b/source3/modules/vfs_full_audit.c >@@ -433,11 +433,11 @@ static bool log_failure(vfs_handle_struct *handle, vfs_op_type op) > > static void init_bitmap(struct bitmap **bm, const char **ops) > { >+ int i; > bool log_all = False; >- >+ bool negated_ops = False; > if (*bm != NULL) > return; >- > *bm = bitmap_allocate(SMB_VFS_OP_LAST); > > if (*bm == NULL) { >@@ -447,12 +447,15 @@ static void init_bitmap(struct bitmap **bm, const char **ops) > } > > while (*ops != NULL) { >- int i; > bool found = False; >+ if ( *(*ops) == '!' && negated_ops == False) { >+ for (i=0; i<SMB_VFS_OP_LAST; i++) bitmap_set(*bm, i); >+ negated_ops = True; >+ } > > if (strequal(*ops, "all")) { > log_all = True; >- break; >+ found = True; > } > > if (strequal(*ops, "none")) { >@@ -469,6 +472,11 @@ static void init_bitmap(struct bitmap **bm, const char **ops) > bitmap_set(*bm, i); > found = True; > } >+ if ( *(*ops) == '!' >+ && strequal(*ops + 1,vfs_op_names[i].name)) { >+ bitmap_clear(*bm,i); >+ found = True; >+ } > } > if (!found) { > DEBUG(0, ("Could not find opname %s, logging all\n", >@@ -479,7 +487,7 @@ static void init_bitmap(struct bitmap **bm, const char **ops) > ops += 1; > } > >- if (log_all) { >+ if (log_all && !negated_ops) { > /* The query functions default to True */ > bitmap_free(*bm); > *bm = NULL; >-- >1.6.4.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5381">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
vl
:
review-
Actions:
View
Attachments on
bug 4025
:
5353
|
5381
|
5408
|
5431