authorAndrew Bartlett <abartlet@samba.org>2012-09-10 12:44:01 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-09-12 07:06:01 +0200
commite8375ddf2d29b12cfe84ceec7195de957d0a743c (patch)
tree0f25cb893ec23796eeab197889bc251b0bec2db5 /source3/modules
parent6638d1036688f7b0f15a1a18c9a251ab0a7ab626 (diff)
smbd: Add extra VFS hooks to get the posix ACL as a blob
This will allow us to hash this, rather than the NT ACL it maps to. This will in turn allow us to know if the NT ACL is valid even if we have to change the mapping code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
Diffstat (limited to 'source3/modules')
-rw-r--r--source3/modules/vfs_fake_acls.c68
-rw-r--r--source3/modules/vfs_full_audit.c37
-rw-r--r--source3/modules/vfs_time_audit.c48
3 files changed, 153 insertions, 0 deletions
diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index abe65700de..258cb197c0 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -294,6 +294,72 @@ static SMB_ACL_T fake_acls_sys_acl_get_fd(struct vfs_handle_struct *handle, file
return acl;
}
+
+static int fake_acls_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = NULL;
+ switch (type) {
+ case SMB_ACL_TYPE_ACCESS:
+ name = FAKE_ACL_ACCESS_XATTR;
+ break;
+ case SMB_ACL_TYPE_DEFAULT:
+ name = FAKE_ACL_DEFAULT_XATTR;
+ break;
+ }
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
+static int fake_acls_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = FAKE_ACL_ACCESS_XATTR;
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
static int fake_acls_sys_acl_set_file(vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
int ret;
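Review bot: The retry loop in fake_acls_sys_acl_blob_get_file (and the identical one in fake_acls_sys_acl_blob_get_fd) uses blob->length as both the buffer size and the getxattr result, so after an ERANGE failure it holds -1 and the next `blob->length += 1000` asks for 999 bytes rather than 2000 (assuming DATA_BLOB.length is an unsigned size_t). An xattr larger than the first buffer would then never fit and the loop would not terminate, and the size of that xattr is determined by whatever is stored on the file. Track the size in a separate local, assign blob->length only on success, and reset *blob on the error path so callers never see a length of -1 next to a live pointer. The `switch (type)` also has no default, so an unexpected type passes name == NULL to SMB_VFS_NEXT_GETXATTR; returning -1 with errno = EINVAL there would be safer.

```c
	size_t size = 0;
	/* … unchanged: xattr name selection, blob_description allocation … */
	*blob = data_blob_null;
	do {
		size += 1000;
		blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, size);
		/* … unchanged: ENOMEM check … */
		length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, size);
	} while (length == -1 && errno == ERANGE);
	if (length == -1) {
		int saved_errno = errno;
		TALLOC_FREE(blob->data);
		*blob = data_blob_null;
		errno = saved_errno;
		return -1;
	}
	blob->length = length;
	return 0;
```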
@@ -450,6 +516,8 @@ static struct vfs_fn_pointers vfs_fake_acls_fns = {
.fstat_fn = fake_acls_fstat,
.sys_acl_get_file_fn = fake_acls_sys_acl_get_file,
.sys_acl_get_fd_fn = fake_acls_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = fake_acls_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = fake_acls_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = fake_acls_sys_acl_set_file,
.sys_acl_set_fd_fn = fake_acls_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = fake_acls_sys_acl_delete_def_file,
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 48198e7fa5..392baeadd0 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -175,6 +175,8 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_SYS_ACL_GET_FILE,
SMB_VFS_OP_SYS_ACL_GET_FD,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
SMB_VFS_OP_SYS_ACL_SET_FILE,
SMB_VFS_OP_SYS_ACL_SET_FD,
SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
@@ -284,6 +286,8 @@ static struct {
{ SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
{ SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
{ SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
{ SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
{ SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
{ SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
@@ -1821,6 +1825,39 @@ static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
+ "%s", path_p);
+
+ return result;
+}
+
+static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description,blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
+ "%s", fsp_str_do_log(fsp));
+
+ return result;
+}
+
static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
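Review bot: `SMB_ACL_T result;` in both smb_full_audit_sys_acl_blob_get_file and smb_full_audit_sys_acl_blob_get_fd stores the int returned by the NEXT call in what appears to be the ACL handle type copied from the sys_acl_get_* wrappers above, so `(result >= 0)` may not be false for a -1 return and a failed read could be audited as a success. Declare it as `int result;`, as the vfs_time_audit.c wrappers in this commit do. Separately, the diffstat's 37 insertions for this file are fully accounted for by the three hunks shown, so no `.sys_acl_blob_get_file_fn` / `.sys_acl_blob_get_fd_fn` entries seem to be added to this module's vfs_fn_pointers table; unless they are registered elsewhere, these calls would go unaudited.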
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index c80fc8a0c3..7571b2f340 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1809,6 +1809,52 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+
+static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_file", timediff);
+ }
+
+ return result;
+}
+
+static int smb_time_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_fd", timediff);
+ }
+
+ return result;
+}
+
static int smb_time_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name,
SMB_ACL_TYPE_T acltype,
@@ -2135,6 +2181,8 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.fchmod_acl_fn = smb_time_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = smb_time_audit_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = smb_time_audit_sys_acl_set_file,
.sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = smb_time_audit_sys_acl_delete_def_file,