summaryrefslogtreecommitdiff
path: root/source3/modules
diff options
context:
space:
mode:
Diffstat (limited to 'source3/modules')
-rw-r--r--source3/modules/vfs_fake_acls.c68
-rw-r--r--source3/modules/vfs_full_audit.c37
-rw-r--r--source3/modules/vfs_time_audit.c48
3 files changed, 153 insertions, 0 deletions
diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c
index abe65700de..258cb197c0 100644
--- a/source3/modules/vfs_fake_acls.c
+++ b/source3/modules/vfs_fake_acls.c
@@ -294,6 +294,72 @@ static SMB_ACL_T fake_acls_sys_acl_get_fd(struct vfs_handle_struct *handle, file
return acl;
}
+
+static int fake_acls_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = NULL;
+ switch (type) {
+ case SMB_ACL_TYPE_ACCESS:
+ name = FAKE_ACL_ACCESS_XATTR;
+ break;
+ case SMB_ACL_TYPE_DEFAULT:
+ name = FAKE_ACL_DEFAULT_XATTR;
+ break;
+ }
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
+static int fake_acls_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = FAKE_ACL_ACCESS_XATTR;
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
static int fake_acls_sys_acl_set_file(vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
int ret;
@@ -450,6 +516,8 @@ static struct vfs_fn_pointers vfs_fake_acls_fns = {
.fstat_fn = fake_acls_fstat,
.sys_acl_get_file_fn = fake_acls_sys_acl_get_file,
.sys_acl_get_fd_fn = fake_acls_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = fake_acls_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = fake_acls_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = fake_acls_sys_acl_set_file,
.sys_acl_set_fd_fn = fake_acls_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = fake_acls_sys_acl_delete_def_file,
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 48198e7fa5..392baeadd0 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -175,6 +175,8 @@ typedef enum _vfs_op_type {
SMB_VFS_OP_SYS_ACL_GET_FILE,
SMB_VFS_OP_SYS_ACL_GET_FD,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
SMB_VFS_OP_SYS_ACL_SET_FILE,
SMB_VFS_OP_SYS_ACL_SET_FD,
SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
@@ -284,6 +286,8 @@ static struct {
{ SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
{ SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
{ SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
{ SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
{ SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
{ SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
@@ -1821,6 +1825,39 @@ static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
+ "%s", path_p);
+
+ return result;
+}
+
+static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description,blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
+ "%s", fsp_str_do_log(fsp));
+
+ return result;
+}
+
static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index c80fc8a0c3..7571b2f340 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1809,6 +1809,52 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle,
return result;
}
+
+static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_file", timediff);
+ }
+
+ return result;
+}
+
+static int smb_time_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_fd", timediff);
+ }
+
+ return result;
+}
+
static int smb_time_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name,
SMB_ACL_TYPE_T acltype,
@@ -2135,6 +2181,8 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
.fchmod_acl_fn = smb_time_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = smb_time_audit_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = smb_time_audit_sys_acl_set_file,
.sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = smb_time_audit_sys_acl_delete_def_file,
generated by cgit (git 2.34.1) at 2025-02-17 10:27:46 +0000