Add an audit file VFS routine so we can handle auditing with SACLs.
authorRichard Sharpe <realrichardsharpe@gmail.com>
Sat, 28 Apr 2012 04:31:34 +0000 (21:31 -0700)
committerRichard Sharpe <sharpe@samba.org>
Sat, 28 Apr 2012 06:05:00 +0000 (08:05 +0200)
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Sat Apr 28 08:05:00 CEST 2012 on sn-devel-104

source3/include/vfs.h
source3/include/vfs_macros.h
source3/modules/vfs_default.c
source3/smbd/vfs.c

index e858235a91fe72592f355507c014d99bc1641783..b5f234ad094e18e0c7804f35a740329b79bb1de5 100644 (file)
@@ -370,6 +370,12 @@ struct vfs_fn_pointers {
                                   uint32 security_info_sent,
                                   const struct security_descriptor *psd);
 
+       NTSTATUS (*audit_file_fn)(struct vfs_handle_struct *handle,
+                                 struct smb_filename *file,
+                                 struct security_acl *sacl,
+                                 uint32_t access_requested,
+                                 uint32_t access_denied);
+
        /* POSIX ACL operations. */
 
        int (*chmod_acl_fn)(struct vfs_handle_struct *handle, const char *name, mode_t mode);
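Review bot: The new `audit_file_fn` slot carries no comment stating its contract: how `access_denied` relates to `access_requested`, and whether a non-OK return is meant to fail the client's operation or only to be logged. For an audit hook that distinction is the security-relevant part, so I would add a short comment above the pointer spelling it out once the intended semantics are confirmed. The hook presumably only reads its inputs, so `const struct smb_filename *file` and `const struct security_acl *sacl` would match the `const struct security_descriptor *psd` style of the entry just above; the same signature is repeated in the vfs_default.c and vfs.c hunks. No hunk on this page shows a change to the VFS interface version, which adding a member to `struct vfs_fn_pointers` normally calls for.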
index c324439e3f0c031f728318357d713286e136057c..3c2256bfeeadcc39008f951c62bfce74bfd3131a 100644 (file)
 #define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) \
        smb_vfs_call_get_nt_acl((handle)->next, (name), (security_info), (ppdesc))
 
+#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \
+       smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl), (access_requested), (access_denied))
+#define SMB_VFS_NEXT_AUDIT_FILE(handle, name, sacl, access_requested, access_denied) \
+       smb_vfs_call_audit_file((handle)->next, (name), (sacl), (access_requested), (access_denied))
+
 #define SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd) \
        smb_vfs_call_fset_nt_acl((fsp)->conn->vfs_handles, (fsp), (security_info_sent), (psd))
 #define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \
index dd5441740adb9d916bd5234f748663c4e7c5f550..887dbcb9afc2209e11cfed15879e90efe9402b8d 100644 (file)
@@ -1872,6 +1872,15 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp
        return result;
 }
 
+NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,
+                           struct smb_filename *file,
+                           struct security_acl *sacl,
+                           uint32_t access_requested,
+                           uint32_t access_denied)
+{
+       return NT_STATUS_OK; /* Nothing to do here ... */
+}
+
 static int vfswrap_chmod_acl(vfs_handle_struct *handle,  const char *name, mode_t mode)
 {
 #ifdef HAVE_NO_ACL
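Review bot: `vfswrap_audit_file` is defined without `static`, unlike the neighbouring `vfswrap_fset_nt_acl` and `vfswrap_chmod_acl`, and no hunk shown here adds a prototype for it. It is only referenced through `vfs_default_fns`, so the definition should start `static NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle,`. Separately, the default returns `NT_STATUS_OK` without recording anything, so when no audit module is stacked a SACL audit request reports success although no record exists. The comment should say that outright, for example `/* Default VFS has no audit backend: SACL audit entries are not recorded. */`, so that callers do not read OK as "audited".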
@@ -2249,6 +2258,7 @@ static struct vfs_fn_pointers vfs_default_fns = {
        .fget_nt_acl_fn = vfswrap_fget_nt_acl,
        .get_nt_acl_fn = vfswrap_get_nt_acl,
        .fset_nt_acl_fn = vfswrap_fset_nt_acl,
+       .audit_file_fn = vfswrap_audit_file,
 
        /* POSIX ACL operations. */
 
index 6c9692a65b6bc4b85b576a3aa3784d2d08b51da7..2be6c54a8812c52ffad854b9f21eeb3a31de7843 100644 (file)
@@ -1958,6 +1958,20 @@ NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle,
                                           psd);
 }
 
+NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle,
+                                struct smb_filename *file,
+                                struct security_acl *sacl,
+                                uint32_t access_requested,
+                                uint32_t access_denied)
+{
+       VFS_FIND(audit_file);
+       return handle->fns->audit_file_fn(handle, 
+                                         file, 
+                                         sacl, 
+                                         access_requested, 
+                                         access_denied);
+}
+
 int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle, const char *name,
                           mode_t mode)
 {
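Review bot: `smb_vfs_call_audit_file` is the non-static function that the new `SMB_VFS_AUDIT_FILE` and `SMB_VFS_NEXT_AUDIT_FILE` macros expand to, but no hunk on this page adds its prototype. Unless it is declared in a part of vfs.h that is not shown, a caller using the macros would get an implicit declaration, so a declaration belongs next to the other `smb_vfs_call_*` prototypes. The argument lines of the call (`handle, `, `file, `, `sacl, `, `access_requested, `) each end in a trailing space, which `git diff --check` flags. The commit adds no call site, so it is not visible whether callers must refuse the operation when the hook returns an error; a one-line comment above the function stating the expected handling would settle that.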