-rw-r--r-- | examples/VFS/skel_opaque.c | 15 | ||||
-rw-r--r-- | examples/VFS/skel_transparent.c | 18 | ||||
-rw-r--r-- | source3/include/vfs.h | 18 | ||||
-rw-r--r-- | source3/include/vfs_macros.h | 10 | ||||
-rw-r--r-- | source3/modules/vfs_fake_acls.c | 68 | ||||
-rw-r--r-- | source3/modules/vfs_full_audit.c | 37 | ||||
-rw-r--r-- | source3/modules/vfs_time_audit.c | 48 | ||||
-rw-r--r-- | source3/smbd/vfs.c | 21 |
8 files changed, 235 insertions, 0 deletions
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index edfb772698..a786a234d4 100644 --- a/examples/VFS/skel_opaque.c +++ b/examples/VFS/skel_opaque.c @@ -586,6 +586,18 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs return (SMB_ACL_T)NULL; } +static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) +{ + errno = ENOSYS; + return -1; +} + +static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) +{ + errno = ENOSYS; + return -1; +} + static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { errno = ENOSYS; @@ -771,10 +783,13 @@ struct vfs_fn_pointers skel_opaque_fns = { .sys_acl_get_file_fn = skel_sys_acl_get_file, .sys_acl_get_fd_fn = skel_sys_acl_get_fd, + .sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file, + .sys_acl_blob_get_fd_fn = skel_sys_acl_blob_get_fd, .sys_acl_set_file_fn = skel_sys_acl_set_file, .sys_acl_set_fd_fn = skel_sys_acl_set_fd, .sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file, + /* EA operations. */ .getxattr_fn = skel_getxattr, .fgetxattr_fn = skel_fgetxattr, diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c index 711b7fc139..02a994c07f 100644 --- a/examples/VFS/skel_transparent.c +++ b/examples/VFS/skel_transparent.c 
@@ -699,6 +699,22 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp); } +static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob); +} + +static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob); +} + static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype, theacl); @@ -869,6 +885,8 @@ struct vfs_fn_pointers skel_transparent_fns = { .sys_acl_get_file_fn = skel_sys_acl_get_file, .sys_acl_get_fd_fn = skel_sys_acl_get_fd, + .sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file, + .sys_acl_blob_get_fd_fn = skel_sys_acl_blob_get_fd, .sys_acl_set_file_fn = skel_sys_acl_set_file, .sys_acl_set_fd_fn = skel_sys_acl_set_fd, .sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file, diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 17ec2625a2..8e48803fe7 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -143,6 +143,7 @@ /* Leave at 29 - not yet released. Remove sys_acl functions other than set and get - abartlet */ /* Leave at 29 - not yet released. Added backup_intent bool to files_struct - JRA */ /* Leave at 29 - not yet released. Add durable handle functions - metze/obnox */ +/* Leave at 29 - not yet released. Added sys_acl_blob_get_file and sys_acl_blob_get_fd */ /* Bump to version 30 - Samba 4.0.0 will ship with interface version 30 */ #define SMB_VFS_INTERFACE_VERSION 30 
@@ -691,6 +692,12 @@ struct vfs_fn_pointers { SMB_ACL_T (*sys_acl_get_file_fn)(struct vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type); SMB_ACL_T (*sys_acl_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp); + int (*sys_acl_blob_get_file_fn)(struct vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx, char **blob_description, + DATA_BLOB *blob); + int (*sys_acl_blob_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, + TALLOC_CTX *mem_ctx, char **blob_description, + DATA_BLOB *blob); int (*sys_acl_set_file_fn)(struct vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl); int (*sys_acl_set_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_ACL_T theacl); int (*sys_acl_delete_def_file_fn)(struct vfs_handle_struct *handle, const char *path); @@ -1088,6 +1095,17 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_file(struct vfs_handle_struct *handle, SMB_ACL_TYPE_T type); SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle, struct files_struct *fsp); +int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle, + const char *path_p, + SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob); +int smb_vfs_call_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob); int smb_vfs_call_sys_acl_set_file(struct vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl); diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index f077a6f1af..4eca1b0748 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h 
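Review bot: The two new `sys_acl_blob_get_file_fn` / `sys_acl_blob_get_fd_fn` members are added to `struct vfs_fn_pointers` without any statement of their contract, and module authors implementing them need to know who owns the outputs. Judging from the fake_acls implementation in this same commit, `*blob_description` and `blob->data` are talloc-allocated on `mem_ctx` and the call returns 0 on success or -1 with errno set, but that is inferred rather than documented. I would add a comment above the members saying so, and stating whether `*blob` is defined after a failure, for example `/* Returns 0 and fills *blob_description and *blob (talloc'ed on mem_ctx), or -1 with errno set. */`. The struct definition continues outside the hunk.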
@@ -439,6 +439,16 @@ #define SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp) \ smb_vfs_call_sys_acl_get_fd((handle)->next, (fsp)) +#define SMB_VFS_SYS_ACL_BLOB_GET_FILE(conn, path_p, type, mem_ctx, blob_description, blob) \ + smb_vfs_call_sys_acl_blob_get_file((conn)->vfs_handles, (path_p), (type), (mem_ctx), (blob_description), (blob)) +#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob) \ + smb_vfs_call_sys_acl_blob_get_file((handle)->next, (path_p), (type), (mem_ctx), (blob_description), (blob)) + +#define SMB_VFS_SYS_ACL_BLOB_GET_FD(fsp, mem_ctx, blob_description, blob) \ + smb_vfs_call_sys_acl_blob_get_fd((fsp)->conn->vfs_handles, (fsp), (mem_ctx), (blob_description), (blob)) +#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob) \ + smb_vfs_call_sys_acl_blob_get_fd((handle)->next, (fsp), mem_ctx, (blob_description), (blob)) + #define SMB_VFS_SYS_ACL_SET_FILE(conn, name, acltype, theacl) \ smb_vfs_call_sys_acl_set_file((conn)->vfs_handles, (name), (acltype), (theacl)) #define SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype, theacl) \ diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c index abe65700de..258cb197c0 100644 --- a/source3/modules/vfs_fake_acls.c +++ b/source3/modules/vfs_fake_acls.c 
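Review bot: In `SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD` the `mem_ctx` argument is expanded without parentheses, unlike every other argument in the four new macros and in the neighbouring ones. It is harmless for a plain identifier, but it breaks the file's convention and leaves the expansion dependent on what the caller passes. Write the call as `smb_vfs_call_sys_acl_blob_get_fd((handle)->next, (fsp), (mem_ctx), (blob_description), (blob))`.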
@@ -294,6 +294,72 @@ static SMB_ACL_T fake_acls_sys_acl_get_fd(struct vfs_handle_struct *handle, file return acl; } + +static int fake_acls_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, + char **blob_description, DATA_BLOB *blob) +{ + ssize_t length; + const char *name = NULL; + switch (type) { + case SMB_ACL_TYPE_ACCESS: + name = FAKE_ACL_ACCESS_XATTR; + break; + case SMB_ACL_TYPE_DEFAULT: + name = FAKE_ACL_DEFAULT_XATTR; + break; + } + + *blob_description = talloc_strdup(mem_ctx, "fake_acls"); + if (!*blob_description) { + errno = ENOMEM; + return -1; + } + + *blob = data_blob_null; + do { + blob->length += 1000; + blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length); + if (!blob->data) { + errno = ENOMEM; + return -1; + } + length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, blob->length); + blob->length = length; + } while (length == -1 && errno == ERANGE); + if (length == -1) { + return -1; + } + return 0; +} + +static int fake_acls_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx, + char **blob_description, DATA_BLOB *blob) +{ + ssize_t length; + const char *name = FAKE_ACL_ACCESS_XATTR; + + *blob_description = talloc_strdup(mem_ctx, "fake_acls"); + if (!*blob_description) { + errno = ENOMEM; + return -1; + } + *blob = data_blob_null; + do { + blob->length += 1000; + blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length); + if (!blob->data) { + errno = ENOMEM; + return -1; + } + length = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, blob->data, blob->length); + blob->length = length; + } while (length == -1 && errno == ERANGE); + if (length == -1) { + return -1; + } + return 0; +} + static int fake_acls_sys_acl_set_file(vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { int ret; 
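Review bot: The ERANGE retry loop in `fake_acls_sys_acl_blob_get_file` cannot grow the buffer, because `blob->length = length;` stores -1 into the blob after a failed getxattr and the next `blob->length += 1000` is computed from that wrapped value instead of the previous size. Assuming `DATA_BLOB.length` is a `size_t` (its definition is not in this diff), the second pass asks for 999 bytes, so an xattr larger than 1000 bytes would keep the loop spinning; on any other error the function returns -1 with `blob->length` left at the wrapped value and `blob->data` still set. Keep the size in a local and assign `blob->length` only on success, as sketched below; the same loop is repeated in `fake_acls_sys_acl_blob_get_fd` later in this hunk. Separately, the `switch (type)` has no `default`, so an unexpected type passes `name == NULL` to the xattr call; `default: errno = EINVAL; return -1;` would close that.

```c
	size_t size = 0;
	/* … unchanged: xattr name selection and blob_description allocation … */
	*blob = data_blob_null;
	do {
		uint8_t *tmp;

		size += 1000;
		tmp = talloc_realloc(mem_ctx, blob->data, uint8_t, size);
		if (tmp == NULL) {
			TALLOC_FREE(blob->data);
			errno = ENOMEM;
			return -1;
		}
		blob->data = tmp;
		length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, size);
	} while (length == -1 && errno == ERANGE);
	if (length == -1) {
		int saved_errno = errno;
		TALLOC_FREE(blob->data);
		errno = saved_errno;
		return -1;
	}
	blob->length = length;
	return 0;
```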
@@ -450,6 +516,8 @@ static struct vfs_fn_pointers vfs_fake_acls_fns = { .fstat_fn = fake_acls_fstat, .sys_acl_get_file_fn = fake_acls_sys_acl_get_file, .sys_acl_get_fd_fn = fake_acls_sys_acl_get_fd, + .sys_acl_blob_get_file_fn = fake_acls_sys_acl_blob_get_file, + .sys_acl_blob_get_fd_fn = fake_acls_sys_acl_blob_get_fd, .sys_acl_set_file_fn = fake_acls_sys_acl_set_file, .sys_acl_set_fd_fn = fake_acls_sys_acl_set_fd, .sys_acl_delete_def_file_fn = fake_acls_sys_acl_delete_def_file, diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 48198e7fa5..392baeadd0 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -175,6 +175,8 @@ typedef enum _vfs_op_type { SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_OP_SYS_ACL_GET_FD, + SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, + SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, @@ -284,6 +286,8 @@ static struct { { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" }, { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" }, { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" }, + { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" }, + { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" }, { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" }, { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" }, { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" }, 
@@ -1821,6 +1825,39 @@ static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle, return result; } +static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle, + const char *path_p, + SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + SMB_ACL_T result; + + result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob); + + do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle, + "%s", path_p); + + return result; +} + +static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle, + files_struct *fsp, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + SMB_ACL_T result; + + result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description,blob); + + do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle, + "%s", fsp_str_do_log(fsp)); + + return result; +} + static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c index c80fc8a0c3..7571b2f340 100644 --- a/source3/modules/vfs_time_audit.c +++ b/source3/modules/vfs_time_audit.c 
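Review bot: `result` is declared as `SMB_ACL_T` in both new full_audit wrappers although the functions return `int` and the value is tested with `(result >= 0)` to build the audit record. If `SMB_ACL_T` is a pointer type, as the `(SMB_ACL_T)NULL` cast in skel_opaque.c suggests, a -1 from the next module is converted to a pointer and the success flag handed to `do_log` becomes unreliable, so a failed ACL read could be logged as a success; declare it as `int result;` in both functions. Also, no hunk in this diff adds the two wrappers to this module's `struct vfs_fn_pointers` initialiser, whereas the fake_acls and time_audit sections do register theirs. Unless that happens elsewhere, these operations would not pass through full_audit at all; the entries would be `.sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,` and `.sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,`.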
@@ -1809,6 +1809,52 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle, return result; } + +static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle, + const char *path_p, + SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + int result; + struct timespec ts1,ts2; + double timediff; + + clock_gettime_mono(&ts1); + result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob); + clock_gettime_mono(&ts2); + timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9; + + if (timediff > audit_timeout) { + smb_time_audit_log("sys_acl_blob_get_file", timediff); + } + + return result; +} + +static int smb_time_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle, + files_struct *fsp, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + int result; + struct timespec ts1,ts2; + double timediff; + + clock_gettime_mono(&ts1); + result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob); + clock_gettime_mono(&ts2); + timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9; + + if (timediff > audit_timeout) { + smb_time_audit_log("sys_acl_blob_get_fd", timediff); + } + + return result; +} + static int smb_time_audit_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, @@ -2135,6 +2181,8 @@ static struct vfs_fn_pointers vfs_time_audit_fns = { .fchmod_acl_fn = smb_time_audit_fchmod_acl, .sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file, .sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd, + .sys_acl_blob_get_file_fn = smb_time_audit_sys_acl_blob_get_file, + .sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd, .sys_acl_set_file_fn = smb_time_audit_sys_acl_set_file, .sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd, .sys_acl_delete_def_file_fn = smb_time_audit_sys_acl_delete_def_file, diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index bb9549c887..763ef37f89 100644 
--- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -2226,6 +2226,27 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle, return handle->fns->sys_acl_get_fd_fn(handle, fsp); } +int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle, + const char *path_p, + SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + VFS_FIND(sys_acl_blob_get_file); + return handle->fns->sys_acl_blob_get_file_fn(handle, path_p, type, mem_ctx, blob_description, blob); +} + +int smb_vfs_call_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, + struct files_struct *fsp, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + VFS_FIND(sys_acl_blob_get_fd); + return handle->fns->sys_acl_blob_get_fd_fn(handle, fsp, mem_ctx, blob_description, blob); +} + int smb_vfs_call_sys_acl_set_file(struct vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) |