authorRichard Sharpe <realrichardsharpe@gmail.com>2012-04-27 21:31:34 -0700
committerRichard Sharpe <sharpe@samba.org>2012-04-28 08:05:00 +0200
commit0dc3f423d25d3a50fa39ecee8a8ca13cdfe32267 (patch)
tree38e844a9bb5ccb28ea862ffa0498212c65bb4651
parent12ee7933327e99c0a5db8c7b6273775a6fc9c8fd (diff)
Add an audit file VFS routine so we can handle auditing with SACLs.
Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Sat Apr 28 08:05:00 CEST 2012 on sn-devel-104
-rw-r--r--source3/include/vfs.h6
-rw-r--r--source3/include/vfs_macros.h5
-rw-r--r--source3/modules/vfs_default.c10
-rw-r--r--source3/smbd/vfs.c14
4 files changed, 35 insertions, 0 deletions
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index e858235a91f..b5f234ad094 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -370,6 +370,12 @@ struct vfs_fn_pointers {
uint32 security_info_sent,
const struct security_descriptor *psd);
+ NTSTATUS (*audit_file_fn)(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied);
+
/* POSIX ACL operations. */
int (*chmod_acl_fn)(struct vfs_handle_struct *handle, const char *name, mode_t mode);
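Review bot: `audit_file_fn` is inserted in the middle of `struct vfs_fn_pointers`, and going by the diffstat this hunk is the only change to vfs.h, so `SMB_VFS_INTERFACE_VERSION` is not bumped by this commit. A module built against the previous header would still register with the same version number while every pointer after `fset_nt_acl_fn` sits at a shifted offset; bump the version and add its changelog line, unless that was already done earlier in this development cycle. The member also has no comment stating its contract: I would add one that says what `access_denied` encodes and what a non-OK status means for the caller, for example `/* Audit an access attempt against the SACL; a failure status means the event could not be recorded. */` if that is the intended meaning. `file` and `sacl` could be `const`, matching `const struct security_descriptor *psd` just above, assuming the hook is not meant to modify them.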
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index c324439e3f0..3c2256bfeea 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -389,6 +389,11 @@
#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) \
smb_vfs_call_get_nt_acl((handle)->next, (name), (security_info), (ppdesc))
+#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \
+ smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl), (access_requested), (access_denied))
+#define SMB_VFS_NEXT_AUDIT_FILE(handle, name, sacl, access_requested, access_denied) \
+ smb_vfs_call_audit_file((handle)->next, (name), (sacl), (access_requested), (access_denied))
+
#define SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd) \
smb_vfs_call_fset_nt_acl((fsp)->conn->vfs_handles, (fsp), (security_info_sent), (psd))
#define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index dd5441740ad..887dbcb9afc 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1872,6 +1872,15 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp
return result;
}
+NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied)
+{
+ return NT_STATUS_OK; /* Nothing to do here ... */
+}
+
static int vfswrap_chmod_acl(vfs_handle_struct *handle, const char *name, mode_t mode)
{
#ifdef HAVE_NO_ACL
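Review bot: `vfswrap_audit_file` is defined without `static`, while the neighbouring `vfswrap_fset_nt_acl` and `vfswrap_chmod_acl` are both `static` and, as far as this commit shows, the function is only referenced from `vfs_default_fns` in the same file; the definition should begin `static NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,`. The default also returns `NT_STATUS_OK` without recording anything, so a caller cannot distinguish an audited access from one where no audit module is stacked. The comment should state that plainly, e.g. `/* Default backend: no audit sink, the event is not recorded. */`, so that nobody treats a success status as evidence that an audit record exists. The trailing context belongs to `vfswrap_chmod_acl`, whose body continues outside the hunk.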
@@ -2249,6 +2258,7 @@ static struct vfs_fn_pointers vfs_default_fns = {
.fget_nt_acl_fn = vfswrap_fget_nt_acl,
.get_nt_acl_fn = vfswrap_get_nt_acl,
.fset_nt_acl_fn = vfswrap_fset_nt_acl,
+ .audit_file_fn = vfswrap_audit_file,
/* POSIX ACL operations. */
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 6c9692a65b6..2be6c54a881 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1958,6 +1958,20 @@ NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle,
psd);
}
+NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle,
+ struct smb_filename *file,
+ struct security_acl *sacl,
+ uint32_t access_requested,
+ uint32_t access_denied)
+{
+ VFS_FIND(audit_file);
+ return handle->fns->audit_file_fn(handle,
+ file,
+ sacl,
+ access_requested,
+ access_denied);
+}
+
int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle, const char *name,
mode_t mode)
{
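Review bot: `smb_vfs_call_audit_file` is defined here and is what `SMB_VFS_AUDIT_FILE` and `SMB_VFS_NEXT_AUDIT_FILE` expand to, but none of the four files in this commit gains a prototype for it; the vfs.h change consists solely of the struct member. Any caller using the macros would hit an implicit declaration, so I would add `NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle, struct smb_filename *file, struct security_acl *sacl, uint32_t access_requested, uint32_t access_denied);` alongside the other `smb_vfs_call_*` prototypes. The wrapper passes the module's status through unchanged, so a short comment above it should say whether callers are expected to refuse the access or continue when auditing fails. The trailing context belongs to `smb_vfs_call_chmod_acl`, whose body lies outside the hunk.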