Bug 4025 - vfs_full_audit.c success/fail config needs logical NOT
Summary: vfs_full_audit.c success/fail config needs logical NOT
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Config Files (show other bugs)
Version: 3.0.23b
Hardware: All All
: P3 enhancement
Target Milestone: none
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-08-16 22:44 UTC by hoffa
Modified: 2010-03-03 06:58 UTC (History)
2 users (show)

See Also:


Attachments
proposed patch (1.81 KB, patch)
2010-02-15 13:55 UTC, Holger Hetterich
no flags Details
Tested patch (3.65 KB, patch)
2010-02-18 08:31 UTC, Holger Hetterich
vl: review-
Details
Enable negated ops, and allow opclasses (8.17 KB, patch)
2010-02-20 11:36 UTC, Holger Hetterich
vl: review-
Details
patch (4.68 KB, patch)
2010-02-27 11:33 UTC, Volker Lendecke
hhetter: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description hoffa 2006-08-16 22:44:08 UTC
some ideas to flesh out more of vfs_full_audit's end all,
be all, capabilities list...

# currently possible but not sexy
full_audit:success = <list all 90 some ops, minus a few>
full_audit:failure = all

# it would be slick to have something like this to skip
# common or uninteresting entries. a little code added
# to init_bitmap() should do the trick nicely.
full_audit:success = all !readdir !telldir !closedir
full_audit:failure = all

# for even more fun, add op classes that can be added to
# or redefined by the user. and have the definitions
# be additive as they are parsed rather than splitting the
# conf lines with \ if that's even possible.
full_audit:oc = noise = readdir telldir closedir ...
full_audit:oc = always = create delete rename ...
full_audit:oc = ifspace = chmod ...
full_audit:oc = because = oc_ifspace oc_noise connect
full_audit:success = all !oc_noise !oc_ifspace
 or
full_audit:success = oc_always oc_ifspace

# and log to a file in do_log() without going through syslog.
full_audit:logfile = /<wherever>
full_audit:logfile = log.full_audit  # no anchor, puts in usual logdir
Comment 1 hoffa 2008-02-11 11:56:54 UTC
bump. thx.
Comment 2 Holger Hetterich 2010-02-15 13:55:09 UTC
Created attachment 5353 [details]
proposed patch

This patch _may_ implement the ! idea. However I cannot test the patch as I am suffering from Bug #6557 when testing on master.
Comment 3 Holger Hetterich 2010-02-18 08:31:14 UTC
Created attachment 5381 [details]
Tested patch

Tested patch, including manpage update
Comment 4 Holger Hetterich 2010-02-20 11:36:14 UTC
Created attachment 5408 [details]
Enable negated ops, and allow opclasses

This adds operation class support, and includes the changes from the former patch.
Comment 5 Holger Hetterich 2010-02-20 11:47:44 UTC
A few words on the last patch. It implements VFS operation classes by
having the user to define a list of classes he implements.
For example :
full_audit:classes = SMBTrafficAnalyzerV1 Important
Here, the user declares two classes.

The user must then define the classes as for example:
full_audit:SMBTrafficAnalyzerV1 = pread read pwrite write
full_audit:Important = mkdir

The user might then do the following:
full_audit:success = SMBTrafficAnalyzerV1 !Important

Classes can include classes on their own. We parse recursivly through them.
However, should the user have an ill-fated class setup, like:
full_audit:classes = SMBTrafficAnalyzerV1 Important
full_audit:SMBTrafficAnalyzerV1 = pread read pwrite write Important
full_audit:Important = mkdir !SMBTrafficAnalyzerV1
full_audit:success = SMBTrafficAnalyzerV1

we will stop scanning the classes after a recurse depth of level 20.
This allows for relativly complex class scenarios, while making sure
that self repeating class setups are disabled.
Comment 6 Volker Lendecke 2010-02-22 02:50:52 UTC
Wow, that's freaking complex. I need to very closely look at it. My initial reaction is "Why not link perl or python into that, this might do the same....".

Volker
Comment 7 Volker Lendecke 2010-02-23 14:00:58 UTC
Comment on attachment 5408 [details]
Enable negated ops, and allow opclasses

Hi, Holger!

As already discussed on irc: I think these classes are a bit over the top. This is code that we need to carry forever. We haven't come up with an example where the classes solve problems that can't be solved without them with a potentially more verbose configuration.

I do see the point of having the !. If we can get a patch that does only that, I think it would be perfect. This would be very easy do explain, the code should be equally trivial.

Thanks for looking at this!

Volker
Comment 8 Holger Hetterich 2010-02-23 15:08:48 UTC
Volker, I understood, and I am fine with it. See in comment #3 the patch implementing exactly only the ! idea.
Comment 9 Volker Lendecke 2010-02-27 11:33:51 UTC
Created attachment 5431 [details]
patch

Holger, I think this patch simplifies the logic in init_bitmap a bit. What do you think?

Volker
Comment 10 Holger Hetterich 2010-02-27 18:53:05 UTC
Comment on attachment 5431 [details]
patch

Volker, thank you! Tested the patch another time, works, and I am fine with your changes!
Comment 11 Volker Lendecke 2010-02-28 04:36:13 UTC
Comment on attachment 5381 [details]
Tested patch

Pushed the alternative patch
Comment 12 Volker Lendecke 2010-02-28 04:37:02 UTC
Holger, please re-open and assign to Karolin if you want this in 3.5.1. Otherwise it will be in 3.6.
Comment 13 Holger Hetterich 2010-03-01 04:20:58 UTC
Reopening for reassignment
Comment 14 Holger Hetterich 2010-03-01 04:24:52 UTC
Reassigning to Karolin for inclusion into 3.5.1
Comment 15 Karolin Seeger 2010-03-03 06:58:52 UTC
As this is an enhancement and not a bug fix, I would prefer to put it in 3.6.0 instead of 3.5.1. Closing out bug report as patch has been pushed to master and 3.6 branches have not been created yet.

Thanks a lot!