The Samba-Bugzilla – Attachment 5431 Details for
Bug 4025
vfs_full_audit.c success/fail config needs logical NOT
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
0001-s3-vfs_full_audit.c-implement-negated-vfs_ops-in-the.patch (text/plain), 4.68 KB, created by
Volker Lendecke
on 2010-02-27 11:33:51 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2010-02-27 11:33:51 UTC
Size:
4.68 KB
patch
obsolete
>From c40d8d0e5409f5b66703e3028950db03874fde74 Mon Sep 17 00:00:00 2001 >From: Holger Hetterich <hhetter@novell.com> >Date: Thu, 18 Feb 2010 15:13:59 +0100 >Subject: [PATCH] s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure list > >Supports negated arguments in configuration like: >full_audit:success = all !readdir !telldir !closedir >Update the manpage accordingly. >Part of BSO#4025 >--- > docs-xml/manpages-3/vfs_full_audit.8.xml | 11 ++++-- > source3/modules/vfs_full_audit.c | 55 +++++++++++++++++------------- > 2 files changed, 38 insertions(+), 28 deletions(-) > >diff --git a/docs-xml/manpages-3/vfs_full_audit.8.xml b/docs-xml/manpages-3/vfs_full_audit.8.xml >index 1d519e2..9c9dc84 100644 >--- a/docs-xml/manpages-3/vfs_full_audit.8.xml >+++ b/docs-xml/manpages-3/vfs_full_audit.8.xml >@@ -184,7 +184,8 @@ > <listitem> > <para>LIST is a list of VFS operations that should be > recorded if they succeed. Operations are specified using >- the names listed above. >+ the names listed above. Operations can be unset by prefixing >+ the names with "!". > </para> > > </listitem> >@@ -195,7 +196,8 @@ > <listitem> > <para>LIST is a list of VFS operations that should be > recorded if they failed. Operations are specified using >- the names listed above. >+ the names listed above. Operations can be unset by prefixing >+ the names with "!". > </para> > > </listitem> >@@ -232,7 +234,8 @@ > > <para>Log file and directory open operations on the [records] > share using the LOCAL7 facility and ALERT priority, including >- the username and IP address:</para> >+ the username and IP address. Logging excludes the open VFS function >+ on failures:</para> > > <programlisting> > <smbconfsection name="[records]"/> >@@ -240,7 +243,7 @@ > <smbconfoption name="vfs objects">full_audit</smbconfoption> > <smbconfoption name="full_audit:prefix">%u|%I</smbconfoption> > <smbconfoption name="full_audit:success">open opendir</smbconfoption> >- <smbconfoption name="full_audit:failure">all</smbconfoption> >+ <smbconfoption name="full_audit:failure">all !open</smbconfoption> > <smbconfoption name="full_audit:facility">LOCAL7</smbconfoption> > <smbconfoption name="full_audit:priority">ALERT</smbconfoption> > </programlisting> >diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c >index 19ac7ad..8a40f67 100644 >--- a/source3/modules/vfs_full_audit.c >+++ b/source3/modules/vfs_full_audit.c >@@ -433,56 +433,65 @@ static bool log_failure(vfs_handle_struct *handle, vfs_op_type op) > > static void init_bitmap(struct bitmap **bm, const char **ops) > { >- bool log_all = False; >+ if (*bm != NULL) { >+ return; >+ } > >- if (*bm != NULL) >+ if (ops == NULL) { >+ *bm = NULL; > return; >+ } > > *bm = bitmap_allocate(SMB_VFS_OP_LAST); >- > if (*bm == NULL) { > DEBUG(0, ("Could not alloc bitmap -- " > "defaulting to logging everything\n")); > return; > } > >- while (*ops != NULL) { >+ for (; *ops != NULL; ops += 1) { > int i; >- bool found = False; >+ bool neg = false; >+ const char *op; > > if (strequal(*ops, "all")) { >- log_all = True; >- break; >+ for (i=0; i<SMB_VFS_OP_LAST; i++) { >+ bitmap_set(*bm, i); >+ } >+ continue; > } > > if (strequal(*ops, "none")) { > break; > } > >+ op = ops[0]; >+ if (op[0] == '!') { >+ neg = true; >+ op += 1; >+ } >+ > for (i=0; i<SMB_VFS_OP_LAST; i++) { > if (vfs_op_names[i].name == NULL) { > smb_panic("vfs_full_audit.c: name table not " > "in sync with vfs.h\n"); > } >- >- if (strequal(*ops, vfs_op_names[i].name)) { >- bitmap_set(*bm, i); >- found = True; >+ if (strequal(op, vfs_op_names[i].name)) { >+ if (neg) { >+ bitmap_clear(*bm, i); >+ } else { >+ bitmap_set(*bm, i); >+ } >+ break; > } > } >- if (!found) { >+ if (i == SMB_VFS_OP_LAST) { > DEBUG(0, ("Could not find opname %s, logging all\n", > *ops)); >- log_all = True; >+ bitmap_free(*bm); >+ *bm = NULL; > break; > } >- ops += 1; >- } >- >- if (log_all) { >- /* The query functions default to True */ >- bitmap_free(*bm); >- *bm = NULL; > } > } > >@@ -603,8 +612,6 @@ static int smb_full_audit_connect(vfs_handle_struct *handle, > { > int result; > struct vfs_full_audit_private_data *pd = NULL; >- const char *none[] = { NULL }; >- const char *all [] = { "all" }; > > result = SMB_VFS_NEXT_CONNECT(handle, svc, user); > if (result < 0) { >@@ -624,10 +631,10 @@ static int smb_full_audit_connect(vfs_handle_struct *handle, > > init_bitmap(&pd->success_ops, > lp_parm_string_list(SNUM(handle->conn), "full_audit", "success", >- none)); >+ NULL)); > init_bitmap(&pd->failure_ops, > lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure", >- all)); >+ NULL)); > > /* Store the private data. */ > SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data, >-- >1.6.5.7 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
hhetter
:
review+
Actions:
View
Attachments on
bug 4025
:
5353
|
5381
|
5408
| 5431