1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * lustre/mds/mds_audit.c
5 * Lustre Metadata Server (mds) audit stuff
7 * Copyright (c) 2001-2003 Cluster File Systems, Inc.
9 * This file is part of Lustre, http://www.lustre.org.
11 * Lustre is free software; you can redistribute it and/or
12 * modify it under the terms of version 2 of the GNU General Public
13 * License as published by the Free Software Foundation.
15 * Lustre is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with Lustre; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 # define EXPORT_SYMTAB
28 #define DEBUG_SUBSYSTEM S_MDS
30 #include <linux/module.h>
31 #include <linux/lustre_mds.h>
32 #include <linux/lustre_dlm.h>
33 #include <linux/init.h>
34 #include <linux/obd_class.h>
35 #include <linux/random.h>
37 #include <linux/jbd.h>
38 #include <linux/namei.h>
39 #include <linux/ext3_fs.h>
40 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0))
41 # include <linux/smp_lock.h>
42 # include <linux/buffer_head.h>
43 # include <linux/workqueue.h>
44 # include <linux/mount.h>
46 # include <linux/locks.h>
48 #include <linux/obd_lov.h>
49 #include <linux/obd_ost.h>
50 #include <linux/lustre_mds.h>
51 #include <linux/lustre_fsfilt.h>
52 #include <linux/lprocfs_status.h>
53 #include <linux/lustre_commit_confd.h>
54 #include <linux/lustre_acl.h>
55 #include "mds_internal.h"
57 int mds_audit_stat(struct ptlrpc_request *req, struct lustre_id * id,
58 struct inode *inode, char *name, int namelen, int ret)
60 struct obd_device *obd = req->rq_export->exp_obd;
61 ptl_nid_t nid = req->rq_peer.peer_id.nid;
62 struct audit_info info = {
66 int rc = 0, len = sizeof(info);
74 info.m.uid = current->uid;
75 info.m.gid = current->gid;
77 info.m.code = AUDIT_STAT;
80 info.namelen = namelen;
82 // send info to local fs
83 fsfilt_set_info(obd, inode->i_sb, inode,
84 10, "audit_info", len, (void*)&info);
89 int mds_audit_perm(struct ptlrpc_request *req, struct inode *inode, audit_op op)
91 struct obd_device *obd = req->rq_export->exp_obd;
92 ptl_nid_t nid = req->rq_peer.peer_id.nid;
93 struct audit_info info = {
103 info.m.uid = current->uid;
104 info.m.gid = current->gid;
105 info.m.result = -EACCES;
108 /* failed access, log child id only */
109 mds_pack_inode2id(obd, &info.m.id, inode, 1);
111 fsfilt_set_info(obd, inode->i_sb, inode,
112 10, "audit_info", sizeof(info), (void*)&info);
117 int mds_audit_open(struct ptlrpc_request *req, struct lustre_id * id,
118 struct inode *inode, char *name, int namelen, int ret)
120 struct obd_device *obd = req->rq_export->exp_obd;
121 ptl_nid_t nid = req->rq_peer.peer_id.nid;
122 struct audit_info info = {
126 int rc = 0, len = sizeof(info);
133 info.m.uid = current->uid;
134 info.m.gid = current->gid;
136 info.m.code = AUDIT_OPEN;
139 info.namelen = namelen;
142 fsfilt_set_info(obd, inode->i_sb, inode,
143 10, "audit_info", len, (void*)&info);
148 int mds_audit_auth(struct ptlrpc_request *req, struct lvfs_ucred * uc,
149 audit_op op, struct lustre_id * id,
150 char * name, int namelen)
152 struct obd_device *obd = req->rq_export->exp_obd;
153 ptl_nid_t nid = req->rq_peer.peer_id.nid;
155 struct dentry * dparent, *dchild = NULL;
156 struct inode * inode;
157 struct audit_info info;
161 dparent = mds_id2dentry(obd, id, NULL);
162 if (IS_ERR(dparent) || !dparent->d_inode) {
163 CERROR("can't find inode "LPU64"\n", id_ino(id));
164 if (!IS_ERR(dparent))
168 inode = dparent->d_inode;
171 info.m.uid = uc->luc_uid;
172 info.m.gid = uc->luc_gid;
173 info.m.result = -EPERM;
176 info.namelen = namelen;
178 if (name && namelen > 0) {
179 dchild = ll_lookup_one_len(name, dparent, namelen);
180 if (!IS_ERR(dchild)) {
181 if (dchild->d_flags & DCACHE_CROSS_REF) {
182 //TODO: we should know audit setting for this
183 //so remote call is needed
185 inode = dchild->d_inode;
192 mds_pack_inode2id(obd, &info.m.id, inode, 1);
194 fsfilt_set_info(obd, inode->i_sb, inode,
195 10, "audit_info", sizeof(info), &info);
203 int mds_audit_reint(struct ptlrpc_request *req,
204 struct mds_update_record *rec)
206 audit_op code = AUDIT_UNKNOWN;
209 switch (rec->ur_opcode) {
211 code = AUDIT_SETATTR;
229 CERROR("Wrong opcode in reint\n");
233 rc = mds_audit_auth(req, &rec->ur_uc, code, rec->ur_id1,
234 rec->ur_name, rec->ur_namelen - 1);
238 static int mds_set_obj_audit(struct obd_device * obd, struct inode * inode,
241 struct audit_lov_msg msg = {
252 len = fsfilt_get_md(obd, inode, NULL, 0, EA_LOV);
256 CERROR("error getting inode %lu LOV: %d\n", inode->i_ino, len);
258 } else if (len == 0) {
259 CDEBUG(D_INODE, "no LOV in inode %lu\n", inode->i_ino);
265 CERROR("can't allocate memory\n");
266 GOTO(out, rc = -ENOMEM);
270 rc = fsfilt_get_md(obd, inode, lmm, len, EA_LOV);
274 CERROR("error getting inode %lu MD: %d\n", inode->i_ino, rc);
278 rc = obd_unpackmd(obd->u.mds.mds_dt_exp, &msg.lsm, lmm, len);
280 CERROR("error unpacking inode %lu MD: %d\n", inode->i_ino, rc);
284 obd_set_info(obd->u.mds.mds_dt_exp, 9, "audit_obj", sizeof(msg), &msg);
288 obd_free_memmd(obd->u.mds.mds_dt_exp, &msg.lsm);
296 //set audit attributes for directory/file
297 int mds_set_audit(struct obd_device * obd, void * val)
299 struct inode * inode = NULL;
300 struct dentry * dentry = NULL;
301 //struct lvfs_run_ctxt saved;
302 struct audit_attr_msg * msg = val;
306 //push_ctxt(&saved, &obd->obd_lvfs_ctxt, NULL);
308 dentry = mds_id2dentry(obd, &msg->id, NULL);
309 if (IS_ERR(dentry)) {
310 CERROR("Cannot get dentry\n");
311 RETURN(PTR_ERR(dentry));
314 inode = dentry->d_inode;
315 fsfilt_set_info(obd, inode->i_sb, inode,
316 5, "audit", sizeof(msg->attr), &msg->attr);
318 if (S_ISREG(inode->i_mode) && !IS_AUDIT_OP(msg->attr, AUDIT_FS))
319 mds_set_obj_audit(obd, inode, &msg->attr);
323 //pop_ctxt(&saved, &obd->obd_lvfs_ctxt, NULL);
328 int mds_pack_audit(struct obd_device * obd, struct inode * inode,
329 struct mds_body * body)
332 int len = sizeof(mask);
335 rc = fsfilt_get_info(obd, inode->i_sb, inode,
336 5, "audit", &len, &mask);
339 body->valid |= OBD_MD_FLAUDIT;