The branch, master has been updated via 4d72ebb s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames. via 59f1334 s3: VFS: vfs_full_audit: Add $cwd arg to smb_fname_str_do_log(). from c833ec4 travis-ci: Add python3-crypto to package list
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 4d72ebb821518c25e4759ad697d5e18257f80765 Author: Jeremy Allison <j...@samba.org> Date: Fri Aug 24 13:37:27 2018 -0700 s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Mon Aug 27 20:23:55 CEST 2018 on sn-devel-144 commit 59f13347260f5c4367c709eb07139f2ba7ddad72 Author: Jeremy Allison <j...@samba.org> Date: Fri Aug 24 13:17:24 2018 -0700 s3: VFS: vfs_full_audit: Add $cwd arg to smb_fname_str_do_log(). Not yet used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/modules/vfs_full_audit.c | 62 +++++++++++++++++++++++++++++----------- 1 file changed, 46 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 0fbf9ec..e7ca89f 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -658,7 +658,8 @@ static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle, /** * Return a string using the do_log_ctx() */ -static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname) +static const char *smb_fname_str_do_log(const struct smb_filename *cwd, + const struct smb_filename *smb_fname) { char *fname = NULL; NTSTATUS status; @@ -666,6 +667,32 @@ static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname) if (smb_fname == NULL) { return ""; } + + if (smb_fname->base_name[0] != '/') { + char *abs_name = NULL; + struct smb_filename *fname_copy = cp_smb_filename( + do_log_ctx(), + smb_fname); + if (fname_copy == NULL) { + return ""; + } + + if (!ISDOT(smb_fname->base_name)) { + abs_name = talloc_asprintf(do_log_ctx(), + "%s/%s", + cwd->base_name, + smb_fname->base_name); + } else { + abs_name = talloc_strdup(do_log_ctx(), + cwd->base_name); + } + if (abs_name == NULL) { + return ""; + } + fname_copy->base_name = abs_name; + smb_fname = fname_copy; + } + status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname); if (!NT_STATUS_IS_OK(status)) { return ""; @@ -678,7 +705,7 @@ static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname) */ static const char *fsp_str_do_log(const struct files_struct *fsp) { - return smb_fname_str_do_log(fsp->fsp_name); + return smb_fname_str_do_log(fsp->conn->cwd_fname, fsp->fsp_name); } /* Implementation of vfs_ops. Pass everything on to the default @@ -1017,7 +1044,7 @@ static int smb_full_audit_open(vfs_handle_struct *handle, do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s", ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1091,7 +1118,8 @@ static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle, do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s|%s|%s", access_mask, create_options & FILE_DIRECTORY_FILE ? "dir" : "file", - str_create_disposition, smb_fname_str_do_log(smb_fname)); + str_create_disposition, + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1330,8 +1358,8 @@ static int smb_full_audit_rename(vfs_handle_struct *handle, result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst); do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", - smb_fname_str_do_log(smb_fname_src), - smb_fname_str_do_log(smb_fname_dst)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname_src), + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname_dst)); return result; } @@ -1413,7 +1441,7 @@ static int smb_full_audit_stat(vfs_handle_struct *handle, result = SMB_VFS_NEXT_STAT(handle, smb_fname); do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1439,7 +1467,7 @@ static int smb_full_audit_lstat(vfs_handle_struct *handle, result = SMB_VFS_NEXT_LSTAT(handle, smb_fname); do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1465,7 +1493,7 @@ static int smb_full_audit_unlink(vfs_handle_struct *handle, result = SMB_VFS_NEXT_UNLINK(handle, smb_fname); do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -1576,7 +1604,7 @@ static int smb_full_audit_ntimes(vfs_handle_struct *handle, result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft); do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -2013,7 +2041,8 @@ static NTSTATUS smb_full_audit_get_compression(vfs_handle_struct *handle, do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle, "%s", - (fsp ? fsp_str_do_log(fsp) : smb_fname_str_do_log(smb_fname))); + (fsp ? fsp_str_do_log(fsp) : + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname))); return result; } @@ -2044,7 +2073,7 @@ static NTSTATUS smb_full_audit_readdir_attr(struct vfs_handle_struct *handle, status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data); do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s", - smb_fname_str_do_log(fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, fname)); return status; } @@ -2064,7 +2093,7 @@ static NTSTATUS smb_full_audit_get_dos_attributes( NT_STATUS_IS_OK(status), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return status; } @@ -2226,7 +2255,7 @@ static NTSTATUS smb_full_audit_set_dos_attributes( NT_STATUS_IS_OK(status), handle, "%s", - smb_fname_str_do_log(smb_fname)); + smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return status; } @@ -2279,7 +2308,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, mem_ctx, ppdesc); do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle, - "%s", smb_fname_str_do_log(smb_fname)); + "%s", smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname)); return result; } @@ -2325,7 +2354,8 @@ static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle, access_denied); do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle, - "%s", smb_fname_str_do_log(file)); + "%s", + smb_fname_str_do_log(handle->conn->cwd_fname, file)); return result; } -- Samba Shared Repository