From e8375ddf2d29b12cfe84ceec7195de957d0a743c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 10 Sep 2012 12:44:01 +1000
Subject: smbd: Add extra VFS hooks to get the posix ACL as a blob

This will allow us to hash this, rather than the NT ACL it maps to.
This will in turn allow us to know if the NT ACL is valid even if we
have to change the mapping code.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
---
 source3/modules/vfs_time_audit.c | 48 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

(limited to 'source3/modules/vfs_time_audit.c')

diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c
index c80fc8a0c3..7571b2f340 100644
--- a/source3/modules/vfs_time_audit.c
+++ b/source3/modules/vfs_time_audit.c
@@ -1809,6 +1809,52 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle,
 	return result;
 }
 
+
+static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+						const char *path_p,
+						SMB_ACL_TYPE_T type,	
+						TALLOC_CTX *mem_ctx, 
+						char **blob_description,
+						DATA_BLOB *blob)
+{
+	int result;
+	struct timespec ts1,ts2;
+	double timediff;
+
+	clock_gettime_mono(&ts1);
+	result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+	clock_gettime_mono(&ts2);
+	timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+	if (timediff > audit_timeout) {
+		smb_time_audit_log("sys_acl_blob_get_file", timediff);
+	}
+
+	return result;
+}
+
+static int smb_time_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+					      files_struct *fsp,
+					      TALLOC_CTX *mem_ctx, 
+					      char **blob_description,
+					      DATA_BLOB *blob)
+{
+	int result;
+	struct timespec ts1,ts2;
+	double timediff;
+
+	clock_gettime_mono(&ts1);
+	result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
+	clock_gettime_mono(&ts2);
+	timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+	if (timediff > audit_timeout) {
+		smb_time_audit_log("sys_acl_blob_get_fd", timediff);
+	}
+
+	return result;
+}
+
 static int smb_time_audit_sys_acl_set_file(vfs_handle_struct *handle,
 					   const char *name,
 					   SMB_ACL_TYPE_T acltype,
@@ -2135,6 +2181,8 @@ static struct vfs_fn_pointers vfs_time_audit_fns = {
 	.fchmod_acl_fn = smb_time_audit_fchmod_acl,
 	.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
 	.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
+	.sys_acl_blob_get_file_fn = smb_time_audit_sys_acl_blob_get_file,
+	.sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd,
 	.sys_acl_set_file_fn = smb_time_audit_sys_acl_set_file,
 	.sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd,
 	.sys_acl_delete_def_file_fn = smb_time_audit_sys_acl_delete_def_file,
-- 
cgit