samba - Dec 2022 - 4.17.3 on debian: vfs_full_audit issues

09.12.2022 23:42, Jeremy Allison wrote:
[]
>> Jeremy, it is about 3..5 lines of code plus extra elements in the
>> vfs_op_names[] array. It is trivial to do, I can just send a patch
>> if you want.
> 
> Cool ! Yes please - remember to also update the man page.
Well, it can be added to the manpage, but do you think it is really necessary?
I mean, there's an official naming and compatibility naming, and the code
might even produce a warning if compat naming is used (that's another line
of code in the patch :).

The thing is that _some_ syscalls now have both ways, - eg open *and* openat.

(Sure it's okay to modify the manpage too).

The PoC patch is attached (I haven't tried to even compile it yet).
Is something like that okay? :)

/mjt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-vfs_full_audit-allow-aliases-for-vfs-operations-for-.patch
Type: text/x-patch
Size: 2483 bytes
Desc: not available
URL:
<http://lists.samba.org/pipermail/samba/attachments/20221210/76e409d1/0001-vfs_full_audit-allow-aliases-for-vfs-operations-for-.bin>

On Sat, Dec 10, 2022 at 12:02:05AM +0300, Michael Tokarev
wrote:
>of code in the patch :).
>
>The thing is that _some_ syscalls now have both ways, - eg open *and*
openat.
>
>(Sure it's okay to modify the manpage too).
>
>The PoC patch is attached (I haven't tried to even compile it yet).
>Is something like that okay? :)
Looks good, but doing a search on "AT," finds:

SMB_VFS_OP_CREATE_DFS_PATHAT -> map to "create_dfs_path"
SMB_VFS_OP_READ_DFS_PATHAT -> map to "read_dfs_path"
SMB_VFS_OP_FSTATAT -> map to "fstat" ?
SMB_VFS_OP_GET_REAL_FILENAME_AT -> map to "get_real_filename" ?
>From 799069263597d12cf1fcc2356039d3bcccd297e1 Mon Sep 17 00:00:00 2001
>From: Michael Tokarev <mjt at tls.msk.ru>
>Date: Fri, 9 Dec 2022 23:47:46 +0300
>Subject: [PATCH] vfs_full_audit: allow aliases for vfs operations for
> compatibility
>
>This extends vfs_op_names[] array in vfs_full_audit to allow more
>entries after SMB_VFS_OP_LAST, to make room for aliases.
>In the only place where this array is searched for the entered name,
>use ARRAY_SIZE(vfs_op_names) instead of SMB_VFS_OP_LAST, and check
>for correctness of the entries only before SMB_VFS_OP_LAST.
>The other place where this array is used, to *get* the name of the
>operation, continue to cap it by SMB_VFS_OP_LAST.
>
>And include some aliases for the modern *at operations
>(mkdir for mkdirat, mknod for mknodat, etc).
>
>Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
>---
> source3/modules/vfs_full_audit.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
>diff --git a/source3/modules/vfs_full_audit.c
b/source3/modules/vfs_full_audit.c
>index 25fd0cad326..1587a12972e 100644
>--- a/source3/modules/vfs_full_audit.c
>+++ b/source3/modules/vfs_full_audit.c
>@@ -347,7 +347,14 @@ static struct {
> 	{ SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
> 	{ SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
> 	{ SMB_VFS_OP_FREADDIR_ATTR,      "freaddir_attr" },
>-	{ SMB_VFS_OP_LAST, NULL }
>+	/* compatibility aliases, starting at SMB_VFS_OP_LAST, unsorted: */
>+	{ SMB_VFS_OP_MKDIRAT, "mkdir" },
>+	{ SMB_VFS_OP_RENAMEAT,  "rename" },
>+	{ SMB_VFS_OP_UNLINKAT,  "unlink" },
>+	{ SMB_VFS_OP_SYMLINKAT,	"symlink" },
>+	{ SMB_VFS_OP_READLINKAT,"readlink" },
>+	{ SMB_VFS_OP_LINKAT,	"link" },
>+	{ SMB_VFS_OP_MKNODAT,	"mknod" },
> };
> 
> static int audit_syslog_facility(vfs_handle_struct *handle)
>@@ -547,9 +554,8 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx,
const char **ops)
> 			op += 1;
> 		}
> 
>-		for (i=0; i<SMB_VFS_OP_LAST; i++) {
>-			if ((vfs_op_names[i].name == NULL)
>-			 || (vfs_op_names[i].type != i)) {
>+		for (i=0; i<ARRAY_SIZE(vfs_op_names); i++) {
>+			if (i < SMB_VFS_OP_LAST && vfs_op_names[i].type != i) {
> 				smb_panic("vfs_full_audit.c: name table not "
> 					  "in sync with vfs_op_type enums\n");
> 			}
>@@ -562,7 +568,7 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx,
const char **ops)
> 				break;
> 			}
> 		}
>-		if (i == SMB_VFS_OP_LAST) {
>+		if (i == ARRAY_SIZE(vfs_op_names)) {
> 			DBG_ERR("Could not find opname %s\n", *ops);
> 			TALLOC_FREE(bm);
> 			return NULL;
>-- 
>2.30.2
>