From: Holger Hetterich <hhetter@novell.com>
Date: Thu, 18 Feb 2010 14:13:59 +0000 (+0100)
Subject: s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure list
X-Git-Tag: samba-3.6.0pre1~4917
X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=99fc004e409ba5e535f1662e92370952777e55ff

s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure list

Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
---

diff --git a/docs-xml/manpages-3/vfs_full_audit.8.xml b/docs-xml/manpages-3/vfs_full_audit.8.xml
index 1d519e2e09b..9c9dc843f89 100644
--- a/docs-xml/manpages-3/vfs_full_audit.8.xml
+++ b/docs-xml/manpages-3/vfs_full_audit.8.xml
@@ -184,7 +184,8 @@
 		<listitem>
 		<para>LIST is a list of VFS operations that should be
 		recorded if they succeed. Operations are specified using
-		the names listed above.
+		the names listed above. Operations can be unset by prefixing
+		the names with "!".
 		</para>
 
 		</listitem>
@@ -195,7 +196,8 @@
 		<listitem>
 		<para>LIST is a list of VFS operations that should be
 		recorded if they failed. Operations are specified using
-		the names listed above.
+		the names listed above. Operations can be unset by prefixing
+		the names with "!".
 		</para>
 
 		</listitem>
@@ -232,7 +234,8 @@
 
 	<para>Log file and directory open operations on the [records]
 	share using the LOCAL7 facility and ALERT priority, including
-	the username and IP address:</para>
+	the username and IP address. Logging excludes the open VFS function
+	on failures:</para>
 
 <programlisting>
         <smbconfsection name="[records]"/>
@@ -240,7 +243,7 @@
 	<smbconfoption name="vfs objects">full_audit</smbconfoption>
 	<smbconfoption name="full_audit:prefix">%u|%I</smbconfoption>
 	<smbconfoption name="full_audit:success">open opendir</smbconfoption>
-	<smbconfoption name="full_audit:failure">all</smbconfoption>
+	<smbconfoption name="full_audit:failure">all !open</smbconfoption>
 	<smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
 	<smbconfoption name="full_audit:priority">ALERT</smbconfoption>
 </programlisting>
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 19ac7adaed3..8a40f6712c8 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -433,56 +433,65 @@ static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
 
 static void init_bitmap(struct bitmap **bm, const char **ops)
 {
-	bool log_all = False;
+	if (*bm != NULL) {
+		return;
+	}
 
-	if (*bm != NULL)
+	if (ops == NULL) {
+		*bm = NULL;
 		return;
+	}
 
 	*bm = bitmap_allocate(SMB_VFS_OP_LAST);
-
 	if (*bm == NULL) {
 		DEBUG(0, ("Could not alloc bitmap -- "
 			  "defaulting to logging everything\n"));
 		return;
 	}
 
-	while (*ops != NULL) {
+	for (; *ops != NULL; ops += 1) {
 		int i;
-		bool found = False;
+		bool neg = false;
+		const char *op;
 
 		if (strequal(*ops, "all")) {
-			log_all = True;
-			break;
+			for (i=0; i<SMB_VFS_OP_LAST; i++) {
+				bitmap_set(*bm, i);
+			}
+			continue;
 		}
 
 		if (strequal(*ops, "none")) {
 			break;
 		}
 
+		op = ops[0];
+		if (op[0] == '!') {
+			neg = true;
+			op += 1;
+		}
+
 		for (i=0; i<SMB_VFS_OP_LAST; i++) {
 			if (vfs_op_names[i].name == NULL) {
 				smb_panic("vfs_full_audit.c: name table not "
 					  "in sync with vfs.h\n");
 			}
-
-			if (strequal(*ops, vfs_op_names[i].name)) {
-				bitmap_set(*bm, i);
-				found = True;
+			if (strequal(op, vfs_op_names[i].name)) {
+				if (neg) {
+					bitmap_clear(*bm, i);
+				} else {
+					bitmap_set(*bm, i);
+				}
+				break;
 			}
 		}
-		if (!found) {
+		if (i == SMB_VFS_OP_LAST) {
 			DEBUG(0, ("Could not find opname %s, logging all\n",
 				  *ops));
-			log_all = True;
+			bitmap_free(*bm);
+			*bm = NULL;
 			break;
 		}
-		ops += 1;
-	}
-
-	if (log_all) {
-		/* The query functions default to True */
-		bitmap_free(*bm);
-		*bm = NULL;
 	}
 }
 
@@ -603,8 +612,6 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
 {
 	int result;
 	struct vfs_full_audit_private_data *pd = NULL;
-	const char *none[] = { NULL };
-	const char *all [] = { "all" };
 
 	result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
 	if (result < 0) {
@@ -624,10 +631,10 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
 
 	init_bitmap(&pd->success_ops,
 		    lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
-					none));
+					NULL));
 	init_bitmap(&pd->failure_ops,
 		    lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
-					all));
+					NULL));
 
 	/* Store the private data. */
 	SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,