-rw-r--r--examples/VFS/skel_opaque.c15
-rw-r--r--examples/VFS/skel_transparent.c18
-rw-r--r--source3/include/vfs.h18
-rw-r--r--source3/include/vfs_macros.h10
-rw-r--r--source3/modules/vfs_fake_acls.c68
-rw-r--r--source3/modules/vfs_full_audit.c37
-rw-r--r--source3/modules/vfs_time_audit.c48
-rw-r--r--source3/smbd/vfs.c21
8 files changed, 235 insertions, 0 deletions
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index edfb772698..a786a234d4 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -586,6 +586,18 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs
return (SMB_ACL_T)NULL;
}
+static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
errno = ENOSYS;
@@ -771,10 +783,13 @@ struct vfs_fn_pointers skel_opaque_fns = {
.sys_acl_get_file_fn = skel_sys_acl_get_file,
.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = skel_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = skel_sys_acl_set_file,
.sys_acl_set_fd_fn = skel_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file,
+
/* EA operations. */
.getxattr_fn = skel_getxattr,
.fgetxattr_fn = skel_fgetxattr,
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index 711b7fc139..02a994c07f 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -699,6 +699,22 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs
return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
}
+static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+}
+
+static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
+}
+
static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype, theacl);
@@ -869,6 +885,8 @@ struct vfs_fn_pointers skel_transparent_fns = {
.sys_acl_get_file_fn = skel_sys_acl_get_file,
.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = skel_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = skel_sys_acl_set_file,
.sys_acl_set_fd_fn = skel_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file,
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 17ec2625a2..8e48803fe7 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -143,6 +143,7 @@
/* Leave at 29 - not yet released. Remove sys_acl functions other than set and get - abartlet */
/* Leave at 29 - not yet released. Added backup_intent bool to files_struct - JRA */
/* Leave at 29 - not yet released. Add durable handle functions - metze/obnox */
+/* Leave at 29 - not yet released. Added sys_acl_blob_get_file and sys_acl_blob_get_fd */
/* Bump to version 30 - Samba 4.0.0 will ship with interface version 30 */
#define SMB_VFS_INTERFACE_VERSION 30
@@ -691,6 +692,12 @@ struct vfs_fn_pointers {
SMB_ACL_T (*sys_acl_get_file_fn)(struct vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type);
SMB_ACL_T (*sys_acl_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp);
+ int (*sys_acl_blob_get_file_fn)(struct vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx, char **blob_description,
+ DATA_BLOB *blob);
+ int (*sys_acl_blob_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp,
+ TALLOC_CTX *mem_ctx, char **blob_description,
+ DATA_BLOB *blob);
int (*sys_acl_set_file_fn)(struct vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
int (*sys_acl_set_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_ACL_T theacl);
int (*sys_acl_delete_def_file_fn)(struct vfs_handle_struct *handle, const char *path);
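Review bot: The two new members of struct vfs_fn_pointers, `sys_acl_blob_get_file_fn` and `sys_acl_blob_get_fd_fn`, carry no comment describing their output contract, so module authors have to infer it from the implementations. A short comment above them would help, for example `/* Return 0 and set *blob_description and *blob, both allocated on mem_ctx; return -1 with errno set on failure, in which case the outputs must not be used. */`. The last clause is my reading of the fake_acls implementation in this commit, which can return -1 after already writing both outputs, so the author should confirm it. The struct definition starts and ends outside this hunk.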
@@ -1088,6 +1095,17 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_file(struct vfs_handle_struct *handle,
SMB_ACL_TYPE_T type);
SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle,
struct files_struct *fsp);
+int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob);
+int smb_vfs_call_sys_acl_blob_get_fd(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob);
int smb_vfs_call_sys_acl_set_file(struct vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
SMB_ACL_T theacl);
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index f077a6f1af..4eca1b0748 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -439,6 +439,16 @@
#define SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp) \
smb_vfs_call_sys_acl_get_fd((handle)->next, (fsp))
+#define SMB_VFS_SYS_ACL_BLOB_GET_FILE(conn, path_p, type, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_file((conn)->vfs_handles, (path_p), (type), (mem_ctx), (blob_description), (blob))
+#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_file((handle)->next, (path_p), (type), (mem_ctx), (blob_description), (blob))
+
+#define SMB_VFS_SYS_ACL_BLOB_GET_FD(fsp, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_fd((fsp)->conn->vfs_handles, (fsp), (mem_ctx), (blob_description), (blob))
+#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_fd((handle)->next, (fsp), mem_ctx, (blob_description), (blob))
+
#define SMB_VFS_SYS_ACL_SET_FILE(conn, name, acltype, theacl) \
smb_vfs_call_sys_acl_set_file((conn)->vfs_handles, (name), (acltype), (theacl))
#define SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype, theacl) \
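Review bot: In SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD the `mem_ctx` argument is passed through unparenthesized, while every other argument of the four new macros is wrapped. For consistency the expansion should read `smb_vfs_call_sys_acl_blob_get_fd((handle)->next, (fsp), (mem_ctx), (blob_description), (blob))`. This is a style point only: a macro argument cannot carry a top-level comma, so the expansion behaves the same either way.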
diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index abe65700de..258cb197c0 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -294,6 +294,72 @@ static SMB_ACL_T fake_acls_sys_acl_get_fd(struct vfs_handle_struct *handle, file
return acl;
}
+
+static int fake_acls_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = NULL;
+ switch (type) {
+ case SMB_ACL_TYPE_ACCESS:
+ name = FAKE_ACL_ACCESS_XATTR;
+ break;
+ case SMB_ACL_TYPE_DEFAULT:
+ name = FAKE_ACL_DEFAULT_XATTR;
+ break;
+ }
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
+static int fake_acls_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = FAKE_ACL_ACCESS_XATTR;
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
static int fake_acls_sys_acl_set_file(vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
int ret;
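Review bot: The retry loop in fake_acls_sys_acl_blob_get_file stores the getxattr return value into `blob->length` before testing it, so after an ERANGE the length holds -1 converted to an unsigned value and the next `blob->length += 1000` wraps to 999 instead of growing the buffer. Assuming DATA_BLOB's length is a size_t, any xattr larger than 1000 bytes makes the loop retry forever, and the xattr content is whatever is stored on disk. fake_acls_sys_acl_blob_get_fd has the same loop. Tracking the buffer size in a local and assigning `blob->length` only after success fixes both, and keeping the talloc_realloc result in a temporary avoids overwriting `blob->data` with NULL on failure. Separately, the `switch (type)` has no default, so `name` stays NULL for any other type value and is passed to the xattr call; a `default:` that sets `errno = EINVAL` and returns -1 would close that.

```c
	ssize_t length;
	size_t size = 0;
	/* … unchanged: xattr name selection, blob_description allocation … */

	*blob = data_blob_null;
	do {
		uint8_t *tmp;

		size += 1000;
		tmp = talloc_realloc(mem_ctx, blob->data, uint8_t, size);
		if (!tmp) {
			errno = ENOMEM;
			return -1;
		}
		blob->data = tmp;
		length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, size);
	} while (length == -1 && errno == ERANGE);
	if (length == -1) {
		return -1;
	}
	blob->length = length;
	return 0;
```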
@@ -450,6 +516,8 @@ static struct vfs_fn_pointers vfs_fake_acls_fns = {
.fstat_fn = fake_acls_fstat,
.sys_acl_get_file_fn = fake_acls_sys_acl_get_file,
.sys_acl_get_fd_fn = fake_acls_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = fake_acls_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = fake_acls_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = fake_acls_sys_acl_set_file,
.sys_acl_set_fd_fn = fake_acls_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = fake_acls_sys_acl_delete_def_file,
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 48198e7fa5..392baeadd0 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -175,6 +175,8 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_SYS_ACL_GET_FILE,
SMB_VFS_OP_SYS_ACL_GET_FD,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
SMB_VFS_OP_SYS_ACL_SET_FILE,
SMB_VFS_OP_SYS_ACL_SET_FD,
SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
@@ -284,6 +286,8 @@ static struct {
{ SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
{ SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
{ SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
{ SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
{ SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
{ SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
@@ -1821,6 +1825,39 @@ static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
+ "%s", path_p);
+
+ return result;
+}
+
+static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description,blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
+ "%s", fsp_str_do_log(fsp));
+
+ return result;
+}
+
static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
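Review bot: Both new wrappers declare `SMB_ACL_T result;` although they return int and the NEXT macros expand to functions returning int, so the `result >= 0` success test passed to do_log compares a value of the ACL handle type with an integer; the declaration should be `int result;`, as in the vfs_time_audit.c versions. Also, this diff changes the enum and the name table in vfs_full_audit.c but contains no hunk that adds `.sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,` and `.sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,` to the module's vfs_fn_pointers table, unlike the other modules touched here. If the table is not updated elsewhere, the two static functions are unused and these ACL reads are never written to the audit log.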
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index c80fc8a0c3..7571b2f340 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1809,6 +1809,52 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+
+static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_file", timediff);
+ }
+
+ return result;
+}
+
+static int smb_time_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_fd", timediff);
+ }
+
+ return result;
+}
+
static int smb_time_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name,
SMB_ACL_TYPE_T acltype,
@@ -2135,6 +2181,8 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.fchmod_acl_fn = smb_time_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = smb_time_audit_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = smb_time_audit_sys_acl_set_file,
.sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = smb_time_audit_sys_acl_delete_def_file,
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index bb9549c887..763ef37f89 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -2226,6 +2226,27 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle,
return handle->fns->sys_acl_get_fd_fn(handle, fsp);
}
+int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ VFS_FIND(sys_acl_blob_get_file);
+ return handle->fns->sys_acl_blob_get_file_fn(handle, path_p, type, mem_ctx, blob_description, blob);
+}
+
+int smb_vfs_call_sys_acl_blob_get_fd(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ VFS_FIND(sys_acl_blob_get_fd);
+ return handle->fns->sys_acl_blob_get_fd_fn(handle, fsp, mem_ctx, blob_description, blob);
+}
+
int smb_vfs_call_sys_acl_set_file(struct vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
SMB_ACL_T theacl)