-rw-r--r--docs-xml/manpages-3/vfs_full_audit.8.xml11
-rw-r--r--source3/modules/vfs_full_audit.c55
2 files changed, 38 insertions, 28 deletions
diff --git a/docs-xml/manpages-3/vfs_full_audit.8.xml b/docs-xml/manpages-3/vfs_full_audit.8.xml
index 1d519e2e09..9c9dc843f8 100644
--- a/docs-xml/manpages-3/vfs_full_audit.8.xml
+++ b/docs-xml/manpages-3/vfs_full_audit.8.xml
@@ -184,7 +184,8 @@
<listitem>
<para>LIST is a list of VFS operations that should be
recorded if they succeed. Operations are specified using
- the names listed above.
+ the names listed above. Operations can be unset by prefixing
+ the names with "!".
</para>
</listitem>
@@ -195,7 +196,8 @@
<listitem>
<para>LIST is a list of VFS operations that should be
recorded if they failed. Operations are specified using
- the names listed above.
+ the names listed above. Operations can be unset by prefixing
+ the names with "!".
</para>
</listitem>
@@ -232,7 +234,8 @@
<para>Log file and directory open operations on the [records]
share using the LOCAL7 facility and ALERT priority, including
- the username and IP address:</para>
+ the username and IP address. Logging excludes the open VFS function
+ on failures:</para>
<programlisting>
<smbconfsection name="[records]"/>
@@ -240,7 +243,7 @@
<smbconfoption name="vfs objects">full_audit</smbconfoption>
<smbconfoption name="full_audit:prefix">%u|%I</smbconfoption>
<smbconfoption name="full_audit:success">open opendir</smbconfoption>
- <smbconfoption name="full_audit:failure">all</smbconfoption>
+ <smbconfoption name="full_audit:failure">all !open</smbconfoption>
<smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
<smbconfoption name="full_audit:priority">ALERT</smbconfoption>
</programlisting>
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 19ac7adaed..8a40f6712c 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -433,56 +433,65 @@ static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
static void init_bitmap(struct bitmap **bm, const char **ops)
{
- bool log_all = False;
+ if (*bm != NULL) {
+ return;
+ }
- if (*bm != NULL)
+ if (ops == NULL) {
+ *bm = NULL;
return;
+ }
*bm = bitmap_allocate(SMB_VFS_OP_LAST);
-
if (*bm == NULL) {
DEBUG(0, ("Could not alloc bitmap -- "
"defaulting to logging everything\n"));
return;
}
- while (*ops != NULL) {
+ for (; *ops != NULL; ops += 1) {
int i;
- bool found = False;
+ bool neg = false;
+ const char *op;
if (strequal(*ops, "all")) {
- log_all = True;
- break;
+ for (i=0; i<SMB_VFS_OP_LAST; i++) {
+ bitmap_set(*bm, i);
+ }
+ continue;
}
if (strequal(*ops, "none")) {
break;
}
+ op = ops[0];
+ if (op[0] == '!') {
+ neg = true;
+ op += 1;
+ }
+
for (i=0; i<SMB_VFS_OP_LAST; i++) {
if (vfs_op_names[i].name == NULL) {
smb_panic("vfs_full_audit.c: name table not "
"in sync with vfs.h\n");
}
-
- if (strequal(*ops, vfs_op_names[i].name)) {
- bitmap_set(*bm, i);
- found = True;
+ if (strequal(op, vfs_op_names[i].name)) {
+ if (neg) {
+ bitmap_clear(*bm, i);
+ } else {
+ bitmap_set(*bm, i);
+ }
+ break;
}
}
- if (!found) {
+ if (i == SMB_VFS_OP_LAST) {
DEBUG(0, ("Could not find opname %s, logging all\n",
*ops));
- log_all = True;
+ bitmap_free(*bm);
+ *bm = NULL;
break;
}
- ops += 1;
- }
-
- if (log_all) {
- /* The query functions default to True */
- bitmap_free(*bm);
- *bm = NULL;
}
}
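Review bot: In the new `for` loop of init_bitmap(), a `!name` entry only clears a bit that an earlier entry set, so the result depends on list order, and nothing in the code or the man page text says so. A list made only of negations, such as `full_audit:failure = !open`, appears to leave the freshly allocated bitmap empty (assuming bitmap_allocate() returns it zeroed), so it would record no failures at all rather than everything except open. Likewise, `!open all` turns open back on. For an audit module that is a silent coverage gap, so I would add a comment above the loop such as `/* Entries are applied left to right; "!op" only removes what an earlier entry such as "all" enabled. */` and repeat that sentence in the manpage. Note also that `none` now only stops parsing and does not clear bits set by a preceding `all`.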
@@ -603,8 +612,6 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
{
int result;
struct vfs_full_audit_private_data *pd = NULL;
- const char *none[] = { NULL };
- const char *all [] = { "all" };
result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
if (result < 0) {
@@ -624,10 +631,10 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
init_bitmap(&pd->success_ops,
lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
- none));
+ NULL));
init_bitmap(&pd->failure_ops,
lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
- all));
+ NULL));
/* Store the private data. */
SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
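Review bot: Passing `NULL` as the default for `full_audit:success` changes what a share logs when that option is not set. The old default was the empty `none` list, while the new init_bitmap() turns a NULL list into `*bm = NULL`. The removed comment ("The query functions default to True") and the allocation-failure message both indicate that a NULL bitmap means log everything, though the query functions themselves are outside this hunk. If so, an unconfigured share goes from recording no successful operations to recording all of them, which can flood syslog and bury the events an operator is looking for. Either keep `const char *none[] = { NULL };` and pass `none` for the success list, or state the new default in the manpage. The body of smb_full_audit_connect continues outside the hunk.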