The branch, master has been updated
via 0dc3f42 Add an audit file VFS routine so we can handle auditing
with SACLs.
from 12ee793 s4:torture: add a check for talloc success in
rpc.samba3.randomauth2
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0dc3f423d25d3a50fa39ecee8a8ca13cdfe32267
Author: Richard Sharpe <realrichardsha...@gmail.com>
Date: Fri Apr 27 21:31:34 2012 -0700
Add an audit file VFS routine so we can handle auditing with SACLs.
Autobuild-User: Richard Sharpe <sha...@samba.org>
Autobuild-Date: Sat Apr 28 08:05:00 CEST 2012 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/include/vfs.h | 6 ++++++
source3/include/vfs_macros.h | 5 +++++
source3/modules/vfs_default.c | 10 ++++++++++
source3/smbd/vfs.c | 14 ++++++++++++++
4 files changed, 35 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index e858235..b5f234a 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -370,6 +370,12 @@ struct vfs_fn_pointers {
uint32 security_info_sent,
const struct security_descriptor *psd);
+ NTSTATUS (*audit_file_fn)(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied);
+
/* POSIX ACL operations. */
int (*chmod_acl_fn)(struct vfs_handle_struct *handle, const char *name,
mode_t mode);
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index c324439..3c2256b 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -389,6 +389,11 @@
#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) \
smb_vfs_call_get_nt_acl((handle)->next, (name), (security_info),
(ppdesc))
+#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \
+ smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl),
(access_requested), (access_denied))
+#define SMB_VFS_NEXT_AUDIT_FILE(handle, name, sacl, access_requested,
access_denied) \
+ smb_vfs_call_audit_file((handle)->next, (name), (sacl),
(access_requested), (access_denied))
+
#define SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd) \
smb_vfs_call_fset_nt_acl((fsp)->conn->vfs_handles, (fsp),
(security_info_sent), (psd))
#define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index dd54417..887dbcb 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1872,6 +1872,15 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct
*handle, files_struct *fsp
return result;
}
+NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied)
+{
+ return NT_STATUS_OK; /* Nothing to do here ... */
+}
+
static int vfswrap_chmod_acl(vfs_handle_struct *handle, const char *name,
mode_t mode)
{
#ifdef HAVE_NO_ACL
@@ -2249,6 +2258,7 @@ static struct vfs_fn_pointers vfs_default_fns = {
.fget_nt_acl_fn = vfswrap_fget_nt_acl,
.get_nt_acl_fn = vfswrap_get_nt_acl,
.fset_nt_acl_fn = vfswrap_fset_nt_acl,
+ .audit_file_fn = vfswrap_audit_file,
/* POSIX ACL operations. */
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 6c9692a..2be6c54 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1958,6 +1958,20 @@ NTSTATUS smb_vfs_call_fset_nt_acl(struct
vfs_handle_struct *handle,
psd);
}
+NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied)
+{
+ VFS_FIND(audit_file);
+ return handle->fns->audit_file_fn(handle,
+ file,
+ sacl,
+ access_requested,
+ access_denied);
+}
+
int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle, const char *name,
mode_t mode)
{
--
Samba Shared Repository
