On Sat, Dec 10, 2022 at 12:02:05AM +0300, Michael Tokarev wrote:
>of code in the patch :).
>
>The thing is that _some_ syscalls now have both ways, - eg open *and* openat.
>
>(Sure it's okay to modify the manpage too).
>
>The PoC patch is attached (I haven't tried to even compile it yet).
>Is something like that okay? :)

Looks good, but doing a search on "AT," finds:

SMB_VFS_OP_CREATE_DFS_PATHAT -> map to "create_dfs_path"
SMB_VFS_OP_READ_DFS_PATHAT -> map to "read_dfs_path"
SMB_VFS_OP_FSTATAT -> map to "fstat" ?
SMB_VFS_OP_GET_REAL_FILENAME_AT -> map to "get_real_filename" ?

>From 799069263597d12cf1fcc2356039d3bcccd297e1 Mon Sep 17 00:00:00 2001
>From: Michael Tokarev <mjt at tls.msk.ru>
>Date: Fri, 9 Dec 2022 23:47:46 +0300
>Subject: [PATCH] vfs_full_audit: allow aliases for vfs operations for
> compatibility
>
>This extends vfs_op_names[] array in vfs_full_audit to allow more
>entries after SMB_VFS_OP_LAST, to make room for aliases.
>In the only place where this array is searched for the entered name,
>use ARRAY_SIZE(vfs_op_names) instead of SMB_VFS_OP_LAST, and check
>for correctness of the entries only before SMB_VFS_OP_LAST.
>The other place where this array is used, to *get* the name of the
>operation, continue to cap it by SMB_VFS_OP_LAST.
>
>And include some aliases for the modern *at operations
>(mkdir for mkdirat, mknod for mknodat, etc).
>
>Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
>---
> source3/modules/vfs_full_audit.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
>diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
>index 25fd0cad326..1587a12972e 100644
>--- a/source3/modules/vfs_full_audit.c
>+++ b/source3/modules/vfs_full_audit.c
>@@ -347,7 +347,14 @@ static struct { > { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" }, > { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" }, > { SMB_VFS_OP_FREADDIR_ATTR, "freaddir_attr" }, >- { SMB_VFS_OP_LAST, NULL } >+ /* compatibility aliases, starting at SMB_VFS_OP_LAST, unsorted: */ >+ { SMB_VFS_OP_MKDIRAT, "mkdir" }, >+ { SMB_VFS_OP_RENAMEAT, "rename" }, >+ { SMB_VFS_OP_UNLINKAT, "unlink" }, >+ { SMB_VFS_OP_SYMLINKAT, "symlink" }, >+ { SMB_VFS_OP_READLINKAT,"readlink" }, >+ { SMB_VFS_OP_LINKAT, "link" }, >+ { SMB_VFS_OP_MKNODAT, "mknod" }, > }; > > static int audit_syslog_facility(vfs_handle_struct *handle) >@@ -547,9 +554,8 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops) > op += 1; > } > >- for (i=0; i<SMB_VFS_OP_LAST; i++) { >- if ((vfs_op_names[i].name == NULL) >- || (vfs_op_names[i].type != i)) { >+ for (i=0; i<ARRAY_SIZE(vfs_op_names); i++) { >+ if (i < SMB_VFS_OP_LAST && vfs_op_names[i].type != i) { > smb_panic("vfs_full_audit.c: name table not " > "in sync with vfs_op_type enums\n"); > } >@@ -562,7 +568,7 @@ static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops) > break; > } > } >- if (i == SMB_VFS_OP_LAST) { >+ if (i == ARRAY_SIZE(vfs_op_names)) { > DBG_ERR("Could not find opname %s\n", *ops); > TALLOC_FREE(bm); > return NULL; >-- >2.30.2 >
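Review bot: In the first hunk (the vfs_op_names[] table), dropping the `{ SMB_VFS_OP_LAST, NULL }` terminator leaves only a comment to mark where the canonical names end and the aliases begin. Nothing enforces that the first alias really sits at index SMB_VFS_OP_LAST, and any code that walks the table until it sees a NULL name would now run past the end. A compile-time assertion that the table holds at least SMB_VFS_OP_LAST entries, or a separate alias array, would make the boundary explicit. The aliases also need an entry in the manpage so that administrators know both spellings are accepted, and `SMB_VFS_OP_READLINKAT,"readlink"` is missing the space after the comma that the neighbouring entries have.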
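Review bot: In the second hunk (the search loop in init_bitmap()), the loop now runs to ARRAY_SIZE(vfs_op_names), but the lines that handle a name match, between the sync check and the `break;` at the top of the third hunk, are not touched by the patch. If they record the match using the loop index `i`, an alias match gives an index at or above SMB_VFS_OP_LAST instead of the operation's own value, so they should use `vfs_op_names[i].type` there. The new condition `i < SMB_VFS_OP_LAST && vfs_op_names[i].type != i` also drops the old `vfs_op_names[i].name == NULL` test, so a NULL name inside the table would no longer trigger the smb_panic() and would reach the name comparison instead. Keeping the NULL test for every index costs nothing.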
Stefan G. Weichinger
2022-Dec-11 14:59 UTC
[Samba] 4.17.3 on debian: vfs_full_audit issues
On 10.12.22 at 00:21, Jeremy Allison via samba wrote:
> On Sat, Dec 10, 2022 at 12:02:05AM +0300, Michael Tokarev wrote:
>> of code in the patch :).
>>
>> The thing is that _some_ syscalls now have both ways, - eg open *and*
>> openat.
>>
>> (Sure it's okay to modify the manpage too).
>>
>> The PoC patch is attached (I haven't tried to even compile it yet).
>> Is something like that okay? :)
>
> Looks good, but doing a search on "AT," finds:
>
> SMB_VFS_OP_CREATE_DFS_PATHAT -> map to "create_dfs_path"
> SMB_VFS_OP_READ_DFS_PATHAT -> map to "read_dfs_path"
> SMB_VFS_OP_FSTATAT -> map to "fstat" ?
> SMB_VFS_OP_GET_REAL_FILENAME_AT -> map to "get_real_filename" ?

Thanks all in the thread. I assume I can only wait for any updated packages? For now share access seems to work on that server, just with a reduced set of logged actions. That's acceptable for a few days, as long as the users don't know ;-)