The branch, master has been updated
via 4d72ebb s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames.
via 59f1334 s3: VFS: vfs_full_audit: Add $cwd arg to
smb_fname_str_do_log().
from c833ec4 travis-ci: Add python3-crypto to package list
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4d72ebb821518c25e4759ad697d5e18257f80765
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 24 13:37:27 2018 -0700
s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns
absolute pathnames.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Mon Aug 27 20:23:55 CEST 2018 on sn-devel-144
commit 59f13347260f5c4367c709eb07139f2ba7ddad72
Author: Jeremy Allison <j...@samba.org>
Date: Fri Aug 24 13:17:24 2018 -0700
s3: VFS: vfs_full_audit: Add $cwd arg to smb_fname_str_do_log().
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_full_audit.c | 62 +++++++++++++++++++++++++++++-----------
1 file changed, 46 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 0fbf9ec..e7ca89f 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -658,7 +658,8 @@ static void do_log(vfs_op_type op, bool success,
vfs_handle_struct *handle,
/**
* Return a string using the do_log_ctx()
*/
-static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
+static const char *smb_fname_str_do_log(const struct smb_filename *cwd,
+ const struct smb_filename *smb_fname)
{
char *fname = NULL;
NTSTATUS status;
@@ -666,6 +667,32 @@ static const char *smb_fname_str_do_log(const struct
smb_filename *smb_fname)
if (smb_fname == NULL) {
return "";
}
+
+ if (smb_fname->base_name[0] != '/') {
+ char *abs_name = NULL;
+ struct smb_filename *fname_copy = cp_smb_filename(
+ do_log_ctx(),
+ smb_fname);
+ if (fname_copy == NULL) {
+ return "";
+ }
+
+ if (!ISDOT(smb_fname->base_name)) {
+ abs_name = talloc_asprintf(do_log_ctx(),
+ "%s/%s",
+ cwd->base_name,
+ smb_fname->base_name);
+ } else {
+ abs_name = talloc_strdup(do_log_ctx(),
+ cwd->base_name);
+ }
+ if (abs_name == NULL) {
+ return "";
+ }
+ fname_copy->base_name = abs_name;
+ smb_fname = fname_copy;
+ }
+
status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
if (!NT_STATUS_IS_OK(status)) {
return "";
@@ -678,7 +705,7 @@ static const char *smb_fname_str_do_log(const struct
smb_filename *smb_fname)
*/
static const char *fsp_str_do_log(const struct files_struct *fsp)
{
- return smb_fname_str_do_log(fsp->fsp_name);
+ return smb_fname_str_do_log(fsp->conn->cwd_fname, fsp->fsp_name);
}
/* Implementation of vfs_ops. Pass everything on to the default
@@ -1017,7 +1044,7 @@ static int smb_full_audit_open(vfs_handle_struct *handle,
do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
- smb_fname_str_do_log(smb_fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return result;
}
@@ -1091,7 +1118,8 @@ static NTSTATUS
smb_full_audit_create_file(vfs_handle_struct *handle,
do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
"0x%x|%s|%s|%s", access_mask,
create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
- str_create_disposition, smb_fname_str_do_log(smb_fname));
+ str_create_disposition,
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return result;
}
@@ -1330,8 +1358,8 @@ static int smb_full_audit_rename(vfs_handle_struct
*handle,
result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
- smb_fname_str_do_log(smb_fname_src),
- smb_fname_str_do_log(smb_fname_dst));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname_src),
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname_dst));
return result;
}
@@ -1413,7 +1441,7 @@ static int smb_full_audit_stat(vfs_handle_struct *handle,
result = SMB_VFS_NEXT_STAT(handle, smb_fname);
do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
- smb_fname_str_do_log(smb_fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return result;
}
@@ -1439,7 +1467,7 @@ static int smb_full_audit_lstat(vfs_handle_struct *handle,
result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
- smb_fname_str_do_log(smb_fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return result;
}
@@ -1465,7 +1493,7 @@ static int smb_full_audit_unlink(vfs_handle_struct
*handle,
result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
- smb_fname_str_do_log(smb_fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return result;
}
@@ -1576,7 +1604,7 @@ static int smb_full_audit_ntimes(vfs_handle_struct
*handle,
result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
- smb_fname_str_do_log(smb_fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return result;
}
@@ -2013,7 +2041,8 @@ static NTSTATUS
smb_full_audit_get_compression(vfs_handle_struct *handle,
do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
"%s",
- (fsp ? fsp_str_do_log(fsp) : smb_fname_str_do_log(smb_fname)));
+ (fsp ? fsp_str_do_log(fsp) :
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)));
return result;
}
@@ -2044,7 +2073,7 @@ static NTSTATUS smb_full_audit_readdir_attr(struct
vfs_handle_struct *handle,
status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s",
- smb_fname_str_do_log(fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, fname));
return status;
}
@@ -2064,7 +2093,7 @@ static NTSTATUS smb_full_audit_get_dos_attributes(
NT_STATUS_IS_OK(status),
handle,
"%s",
- smb_fname_str_do_log(smb_fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return status;
}
@@ -2226,7 +2255,7 @@ static NTSTATUS smb_full_audit_set_dos_attributes(
NT_STATUS_IS_OK(status),
handle,
"%s",
- smb_fname_str_do_log(smb_fname));
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return status;
}
@@ -2279,7 +2308,7 @@ static NTSTATUS
smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
mem_ctx, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
- "%s", smb_fname_str_do_log(smb_fname));
+ "%s", smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
return result;
}
@@ -2325,7 +2354,8 @@ static NTSTATUS smb_full_audit_audit_file(struct
vfs_handle_struct *handle,
access_denied);
do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
- "%s", smb_fname_str_do_log(file));
+ "%s",
+ smb_fname_str_do_log(handle->conn->cwd_fname, file));
return result;
}
--
Samba Shared Repository
