From: tappro Date: Sat, 13 Aug 2005 10:54:27 +0000 (+0000) Subject: b=7214 X-Git-Tag: 1.4.10~736 X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=0737fef9a80844ce2bab1b0ef64802caaaf01f3f;p=fs%2Flustre-release.git b=7214 - store node id in audit records on OSS - move audit hook from filter_commitrw() to fsfilt_smfs_map_inode_pages() - fix invalid nid in osc_get_info() - rework stat/open audit hooks to store file lustre id, not parent one - audit errors while stat/open --- diff --git a/lustre/include/linux/obd.h b/lustre/include/linux/obd.h index 0256dec..0cf0187 100644 --- a/lustre/include/linux/obd.h +++ b/lustre/include/linux/obd.h @@ -634,6 +634,8 @@ struct obd_trans_info { struct llog_cookie *oti_logcookies; int oti_numcookies; int oti_flags; + /* save nid for security purposes like audit */ + __u64 oti_nid; }; static inline void oti_alloc_cookies(struct obd_trans_info *oti,int num_cookies) diff --git a/lustre/llite/llite_audit.c b/lustre/llite/llite_audit.c index 66bbfa4..e04dc9f 100644 --- a/lustre/llite/llite_audit.c +++ b/lustre/llite/llite_audit.c @@ -84,7 +84,6 @@ int ll_check_audit(struct inode * inode, audit_op op, int ret) int ll_audit_log (struct inode * inode, audit_op code, int ret) { struct audit_msg msg; - //struct lustre_id * id = &msg.id; struct obd_export * exp = ll_i2dtexp(inode); int rc = 0; @@ -92,9 +91,9 @@ int ll_audit_log (struct inode * inode, audit_op code, int ret) msg.id = ll_i2info(inode)->lli_id; msg.code = code; msg.result = ret; - msg.uid = current->fsuid; - msg.gid = current->fsgid; - msg.nid = 0xFEED; + msg.uid = current->uid; + msg.gid = current->gid; + msg.nid = 0; rc = obd_set_info(exp, 8, "auditlog", sizeof(msg), &msg); } diff --git a/lustre/mds/handler.c b/lustre/mds/handler.c index 39e86ce..d943ccf 100644 --- a/lustre/mds/handler.c +++ b/lustre/mds/handler.c 
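Review bot: In `ll_audit_log` (lustre/llite/llite_audit.c), `struct audit_msg msg;` is declared without an initializer and then sent whole with `sizeof(msg)`, so any member not assigned in these lines, and any padding, reaches the server as stack residue. The visible code sets only `id`, `code`, `result`, `uid`, `gid` and `nid`; the struct definition is outside the diff, so this should be confirmed against it. Zeroing first, e.g. `memset(&msg, 0, sizeof(msg));` before the assignments, keeps the record deterministic. The switch from `current->fsuid`/`fsgid` to `current->uid`/`gid` also changes which identity is audited and deserves a one-line comment such as `/* audit the real uid/gid, not the filesystem ids */` if that is the intent.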
@@ -58,18 +58,8 @@ #include #include #include -#include - #include "mds_internal.h" -extern int mds_audit_auth(struct ptlrpc_request *, struct lvfs_ucred *, - audit_op, struct lustre_id *, - char *, int); -extern int mds_audit_stat(struct ptlrpc_request *, struct lustre_id *, - struct dentry *, int); -extern int mds_audit_open(struct ptlrpc_request *, struct mds_update_record *, - int); - static int mds_intent_policy(struct ldlm_namespace *ns, struct ldlm_lock **lockp, void *req_cookie, ldlm_mode_t mode, int flags, void *data); @@ -1698,6 +1688,17 @@ static int mds_getattr_lock(struct ptlrpc_request *req, int offset, GOTO(cleanup, rc); cleanup: + /* audit stuff for getattr */ + if (resent_req == 0 && (dparent || dchild)) { + struct inode * au_inode = NULL; + + if (dchild && dchild->d_inode) + au_inode = dchild->d_inode; + else + au_inode = dparent->d_inode; + + mds_audit_stat(req, &body->id1, au_inode, name, namesize, rc); + } switch (cleanup_phase) { case 2: if (resent_req == 0) { @@ -1711,10 +1712,6 @@ static int mds_getattr_lock(struct ptlrpc_request *req, int offset, #endif if (dparent) l_dput(dparent); - - /* audit stuff for getattr */ - if (dchild->d_inode) - mds_audit_stat(req, &body->id1, dchild, rc); } l_dput(dchild); case 1: @@ -2151,11 +2148,7 @@ int mds_reint(struct ptlrpc_request *req, int offset, /* rc will be used to interrupt a for loop over multiple records */ rc = mds_reint_rec(rec, offset, req, lockh); - /* audit stuff for OPEN */ - if (offset == 3 && rec->ur_opcode == REINT_OPEN) - mds_audit_open(req, rec, rc); - - out: +out: mds_exit_ucred(&rec->ur_uc); OBD_FREE(rec, sizeof(*rec)); RETURN(rc); diff --git a/lustre/mds/mds_audit.c b/lustre/mds/mds_audit.c index 71d1697..ddff7f4 100644 --- a/lustre/mds/mds_audit.c +++ b/lustre/mds/mds_audit.c 
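Review bot: The new audit block under `cleanup:` in mds_getattr_lock can dereference a NULL `dparent`: the guard admits `dchild` alone, but when `dchild` has no `d_inode` the `else` branch reads `dparent->d_inode` without checking `dparent`. Even with a valid `dparent`, a NULL `au_inode` would trip `LASSERT(inode)` in mds_audit_stat, turning a failed stat into a server assertion. Selecting the inode defensively and skipping the call when none is available avoids both, e.g. `else if (dparent) au_inode = dparent->d_inode;` followed by `if (au_inode) mds_audit_stat(...)`. Whether `dparent`/`dchild` can still hold an error pointer, or `body` can be unset, on the paths that jump to this label is not visible in the hunk and should be checked as well.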
@@ -52,68 +52,68 @@ #include #include #include -#include #include "mds_internal.h" int mds_audit_stat(struct ptlrpc_request *req, struct lustre_id * id, - struct dentry * dentry, int ret) + struct inode *inode, char *name, int namelen, int ret) { struct obd_device *obd = req->rq_export->exp_obd; - struct inode * inode = dentry->d_inode; ptl_nid_t nid = req->rq_peer.peer_id.nid; - struct audit_info info; + struct audit_info info = { + .name = NULL, + .namelen = 0, + }; int rc = 0, len = sizeof(info); + ENTRY; LASSERT(inode); LASSERT(id); - memcpy(&info.m.id, id, sizeof(*id)); + info.m.id = *id; info.m.nid = nid; info.m.uid = current->uid; info.m.gid = current->gid; info.m.result = ret; info.m.code = AUDIT_STAT; - - //send info to local fs + if (ret) { + info.name = name; + info.namelen = namelen; + } + // send info to local fs fsfilt_set_info(obd, inode->i_sb, inode, 10, "audit_info", len, (void*)&info); RETURN(rc); } -int mds_audit_open(struct ptlrpc_request *req, struct mds_update_record * rec, - int ret) +int mds_audit_open(struct ptlrpc_request *req, struct lustre_id * id, + struct inode *inode, char *name, int namelen, int ret) { struct obd_device *obd = req->rq_export->exp_obd; - struct inode * inode = NULL; ptl_nid_t nid = req->rq_peer.peer_id.nid; - struct audit_info info; + struct audit_info info = { + .name = NULL, + .namelen = 0, + }; int rc = 0, len = sizeof(info); - struct dentry * dparent = NULL; - - dparent = mds_id2dentry(obd, rec->ur_id1, NULL); - if (IS_ERR(dparent)) { - rc = PTR_ERR(dparent); - RETURN(rc); - } - inode = dparent->d_inode; - - info.m.id = *(rec->ur_id1); + ENTRY; + + LASSERT(inode); + info.m.id = (*id); info.m.nid = nid; - info.m.uid = rec->ur_uc.luc_uid; - info.m.gid = rec->ur_uc.luc_gid; + info.m.uid = current->uid; + info.m.gid = current->gid; info.m.result = ret; info.m.code = AUDIT_OPEN; - info.name = rec->ur_name; - info.namelen = rec->ur_namelen; + if (ret) { + info.name = name; + info.namelen = namelen; + } - //send info to 
local fs fsfilt_set_info(obd, inode->i_sb, inode, 10, "audit_info", len, (void*)&info); - - l_dput(dparent); - + RETURN(rc); } diff --git a/lustre/mds/mds_internal.h b/lustre/mds/mds_internal.h index 8970f51..4b910f2 100644 --- a/lustre/mds/mds_internal.h +++ b/lustre/mds/mds_internal.h @@ -6,6 +6,7 @@ #define _MDS_INTERNAL_H #include +#include #define MDS_SERVICE_WATCHDOG_TIMEOUT 30000 @@ -340,6 +341,12 @@ int mds_parse_id(struct ptlrpc_request *req); /* mds_audit.c */ int mds_set_audit(struct obd_device * obd, void * val); int mds_pack_audit(struct obd_device *, struct inode *, struct mds_body *); +int mds_audit_auth(struct ptlrpc_request *, struct lvfs_ucred *, + audit_op, struct lustre_id *, char *, int); +int mds_audit_stat(struct ptlrpc_request *, struct lustre_id *, + struct inode *, char*, int, int); +int mds_audit_open(struct ptlrpc_request *, struct lustre_id *, + struct inode *, char*, int, int); /* mds_acl.c */ struct upcall_cache *__mds_get_global_rmtacl_upcall_cache(void); diff --git a/lustre/mds/mds_open.c b/lustre/mds/mds_open.c index 816bb60..90fbf58 100644 --- a/lustre/mds/mds_open.c +++ b/lustre/mds/mds_open.c @@ -1443,6 +1443,22 @@ cleanup_no_trans: } else if (created) { mds_lock_new_child(obd, dchild->d_inode, NULL); } + /* audit stuff for OPEN */ + if (offset == 3 && (dchild->d_inode || dparent)) { + struct lustre_id au_id; + struct inode * au_inode = dchild->d_inode; + + if (au_inode == NULL) + au_inode = dparent->d_inode; + + if (fid) + mds_inode2id(obd, &au_id, au_inode, fid); + else + au_id = *(rec->ur_id1); + mds_audit_open(req, &au_id, au_inode, + rec->ur_name, rec->ur_namelen, rc); + } + l_dput(dchild); case 1: if (dparent == NULL) diff --git a/lustre/obdfilter/filter.c b/lustre/obdfilter/filter.c index 64b82d6f..7751d20 100644 --- a/lustre/obdfilter/filter.c +++ b/lustre/obdfilter/filter.c 
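Review bot: Both mds_audit_stat and mds_audit_open discard the result of `fsfilt_set_info()` and always return the initial `rc = 0`, so a failure to write the audit record is invisible to the caller and to operators. Assigning it, `rc = fsfilt_set_info(obd, inode->i_sb, inode, 10, "audit_info", len, (void*)&info);`, and at least logging a non-zero result would make lost records detectable. mds_audit_open also now takes `uid`/`gid` from `current` instead of `rec->ur_uc.luc_uid`/`luc_gid`; whether the service thread's `current->uid` carries the requesting client's identity at this point is not shown here, and if it does not, every open record would be attributed to the server thread's user. A header comment on each function stating that `name`/`namelen` are recorded only when `ret` is non-zero would document the new contract.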
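Review bot: The OPEN audit call added before `l_dput(dchild)` runs only in the cleanup phase that still holds `dchild`, so open failures that leave through an earlier phase (the `case 1:` path below) appear to produce no audit record, although the commit sets out to audit open errors. The enclosing switch starts outside this hunk, so this is inferred from the visible `case 1:` label. In the fallback, when `dchild->d_inode` is NULL and `fid` is set, `mds_inode2id()` is called with the parent's inode, so the id in the record would be derived from the parent rather than the file; using `*(rec->ur_id1)` whenever the child inode is missing, or a comment explaining the choice, would make that explicit. `au_inode` can also still be NULL if `dparent->d_inode` is, which would hit `LASSERT(inode)` in mds_audit_open; an `if (au_inode != NULL)` guard around the call is cheap.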
@@ -2206,7 +2206,9 @@ int filter_setattr(struct obd_export *exp, struct obdo *oa, filter = &exp->exp_obd->u.filter; push_ctxt(&saved, &exp->exp_obd->obd_lvfs_ctxt, NULL); - + /* pass nid through */ + current->user->nid = oti->oti_nid; + /* make sure that object is allocated. */ dentry = filter_crow_object(exp->exp_obd, oa); if (IS_ERR(dentry)) @@ -2439,8 +2441,8 @@ struct dentry * filter_crow_object(struct obd_device *obd, struct obdo *oa) { struct dentry *dentry; - obd_uid uid; - obd_gid gid; + /* obd_uid uid; */ + /* obd_gid gid; */ int rc = 0; ENTRY; @@ -2456,10 +2458,10 @@ filter_crow_object(struct obd_device *obd, struct obdo *oa) CDEBUG(D_INODE, "OSS object "LPU64"/"LPU64 " does not exists - allocate it now\n", oa->o_id, oa->o_gr); - + /* uid = oa->o_valid & OBD_MD_FLUID ? oa->o_uid : 0; gid = oa->o_valid & OBD_MD_FLGID ? oa->o_gid : 0; - + */ rc = filter_create_object(obd, oa); if (rc) { CERROR("cannot create OSS object "LPU64"/"LPU64 @@ -2837,12 +2839,11 @@ static int filter_set_info(struct obd_export *exp, __u32 keylen, } if (keylen == 8 && memcmp(key, "auditlog", 8) == 0) { - rc = fsfilt_set_info(obd, obd->u.filter.fo_sb, NULL, 8, "auditlog", vallen, val); RETURN(rc); } else if (keylen == 5 && strcmp(key, "audit") == 0) { - //set audit for whole FS on OSS + /* set audit for whole FS on OSS */ struct audit_attr_msg * msg = val; rc = fsfilt_set_info(obd, obd->u.filter.fo_sb, NULL, @@ -2919,7 +2920,6 @@ static int filter_get_info(struct obd_export *exp, __u32 keylen, RETURN(0); } if (keylen >= strlen("cache_sb") && memcmp(key, "cache_sb", 8) == 0) { - /*Get log_context handle*/ unsigned long *sb = val; *vallen = sizeof(unsigned long); *sb = (unsigned long)obd->u.filter.fo_sb; diff --git a/lustre/obdfilter/filter_io.c b/lustre/obdfilter/filter_io.c index 41659a4..dea31de 100644 --- a/lustre/obdfilter/filter_io.c +++ b/lustre/obdfilter/filter_io.c 
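Review bot: `current->user->nid = oti->oti_nid;` in filter_setattr dereferences `oti` unconditionally, while oti_init() in ost_handler.c explicitly tolerates `oti == NULL`, so a caller passing no transaction info would oops here; the same line added to filter_commitrw (filter_io.c) has the same exposure. Beyond that, if `current->user` is the per-uid structure shared by every task of that user, concurrent service threads overwrite each other's value and an audit record can be stamped with another client's node id; nothing visible clears the field after the request either. Guarding the store, `if (oti != NULL) current->user->nid = oti->oti_nid;`, fixes the first issue. For the second, carrying the nid in per-request or per-thread state that is passed down to the audit hook would keep attribution reliable.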
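Review bot: `uid` and `gid` in filter_crow_object are commented out rather than removed, here and in the following hunk where their assignments are wrapped in `/* ... */`; the same is done to the old audit locals and `fsfilt_set_info()` calls in filter_commitrw (filter_io.c), where `//` lines are nested inside a block comment. Dead code left in comments drifts out of date and obscures what the function actually uses, so deleting the lines and relying on history is cleaner. If the owner ids are meant to come back later, a short explicit note such as `/* TODO: owner ids from oa are not applied on create */` states that better than disabled code.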
@@ -892,21 +892,24 @@ int filter_commitrw(int cmd, struct obd_export *exp, struct obdo *oa, struct niobuf_local *res, struct obd_trans_info *oti,int ret) { int rc = -EPROTO; - struct lustre_id *id = obdo_id(oa); - __u32 len = sizeof(*id); - struct inode * inode = res->dentry->d_inode; - struct super_block * sb = res->dentry->d_sb; - struct obd_device *obd = class_exp2obd(exp); + /* remove that audit handlers due to fsfilt_inode_map_pages hooks + //struct lustre_id *id = obdo_id(oa); + //__u32 len = sizeof(*id); + //struct inode * inode = res->dentry->d_inode; + //struct super_block * sb = res->dentry->d_sb; + //struct obd_device *obd = class_exp2obd(exp); + */ + current->user->nid = oti->oti_nid; if (cmd == OBD_BRW_WRITE) { rc = filter_commitrw_write(exp, oa, objcount, obj, niocount, res, oti, ret); - fsfilt_set_info(obd, sb, inode, 10, "file_write", len, (void*)id); + /* fsfilt_set_info(obd, sb, inode, 10, "file_write", len, (void*)id); */ } else if (cmd == OBD_BRW_READ) { rc = filter_commitrw_read(exp, oa, objcount, obj, niocount, res, oti, ret); - fsfilt_set_info(obd, sb, inode, 9, "file_read", len, (void*)id); + /* fsfilt_set_info(obd, sb, inode, 9, "file_read", len, (void*)id); */ } else LBUG(); diff --git a/lustre/osc/osc_request.c b/lustre/osc/osc_request.c index f982ec1..313a705 100644 --- a/lustre/osc/osc_request.c +++ b/lustre/osc/osc_request.c @@ -2929,7 +2929,7 @@ static int osc_get_info(struct obd_export *exp, __u32 keylen, out: ptlrpc_req_finished(req); RETURN(rc); - } else if (keylen >= strlen("client_nid") && + } else if (keylen == 10 && strcmp(key, "client_nid") == 0) { struct ptlrpc_connection * conn; ptl_nid_t * nid = val; @@ -2939,7 +2939,7 @@ static int osc_get_info(struct obd_export *exp, __u32 keylen, if (!conn) RETURN(-ENOTCONN); - nid = &conn->c_peer.peer_id.nid; + *nid = &conn->c_peer.peer_id.nid; RETURN(0); } diff --git a/lustre/ost/ost_handler.c b/lustre/ost/ost_handler.c index 0aa69d2..19cf54a 100644 --- a/lustre/ost/ost_handler.c 
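Review bot: `*nid = &conn->c_peer.peer_id.nid;` in osc_get_info stores the address of the connection's nid field in the caller's buffer, not the nid itself, so the value handed back is a kernel pointer converted to an integer. The intended line is presumably `*nid = conn->c_peer.peer_id.nid;`. In the same branch (previous hunk), `strcmp(key, "client_nid")` reads up to a terminator that a 10-byte key need not carry; `memcmp(key, "client_nid", 10) == 0` matches the `keylen == 10` check. The visible lines also do not validate `*vallen` against `sizeof(*nid)` before the write.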
+++ b/lustre/ost/ost_handler.c @@ -52,7 +52,7 @@ void oti_init(struct obd_trans_info *oti, struct ptlrpc_request *req) if (oti == NULL) return; memset(oti, 0, sizeof *oti); - + oti->oti_nid = req->rq_peer.peer_id.nid; if (req->rq_repmsg && req->rq_reqmsg != 0) oti->oti_transno = req->rq_repmsg->transno; } diff --git a/lustre/smfs/audit.c b/lustre/smfs/audit.c index 0e9d572..035e994 100644 --- a/lustre/smfs/audit.c +++ b/lustre/smfs/audit.c @@ -71,9 +71,11 @@ static audit_op hook2audit(hook_op hook) return AUDIT_SETATTR; case HOOK_SI_WRITE: + case HOOK_WRITE: return AUDIT_WRITE; case HOOK_SI_READ: + case HOOK_READ: return AUDIT_READ; case HOOK_READDIR: @@ -562,6 +564,8 @@ int audit_client_log(struct super_block * sb, struct audit_msg * msg) rec->time = cur_time.tv_sec * USEC_PER_SEC + cur_time.tv_usec; pbuf += sizeof(*rec); + CDEBUG(D_VFSTRACE, "AUDITLOG:"DLID4"\n", OLID4(&msg->id)); + switch (msg->code) { case AUDIT_READ: case AUDIT_WRITE: diff --git a/lustre/smfs/audit_mds.c b/lustre/smfs/audit_mds.c index 38148a9..4691cea 100644 --- a/lustre/smfs/audit_mds.c +++ b/lustre/smfs/audit_mds.c @@ -236,6 +236,7 @@ int audit_mds_special_rec(struct inode * inode, void * arg, { case AUDIT_OPEN: case AUDIT_CREATE: + case AUDIT_STAT: if (info->name && info->namelen > 0) { len += audit_fill_name_rec(&pbuf, info->name, diff --git a/lustre/smfs/audit_ost.c b/lustre/smfs/audit_ost.c index 41348bf..6c89d59 100644 --- a/lustre/smfs/audit_ost.c +++ b/lustre/smfs/audit_ost.c @@ -120,9 +120,13 @@ int static audit_ost_rw_rec(struct inode * inode, void * arg, struct audit_record * rec = (void*)buffer; char * pbuf = buffer + sizeof(*rec); int len = sizeof(*rec); + struct lustre_id id; + + if (audit_ost_get_id(inode, &id) < 0) + CERROR("Cannot get lustre id from object EA\n"); rec->opcode = msg->write ? AUDIT_WRITE : AUDIT_READ; - len += audit_rec_from_id(&pbuf, msg->id); + len += audit_rec_from_id(&pbuf, &id); *type = SMFS_AUDIT_GEN_REC; return len; 
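Review bot: When `audit_ost_get_id()` fails in audit_ost_rw_rec, the code only logs and then passes the never-initialised `id` to `audit_rec_from_id()`, so the audit record is filled with whatever was on the kernel stack. That yields a record pointing at an arbitrary object and copies stack residue into the log. Clearing the id in the failure branch, `memset(&id, 0, sizeof(id));` after the `CERROR`, gives a recognisable empty id instead; the branch needs braces once it has two statements. The function's opening lines are outside the hunk.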
@@ -131,6 +135,8 @@ int static audit_ost_rw_rec(struct inode * inode, void * arg, static audit_get_op audit_ost_record[HOOK_MAX] = { [HOOK_SI_READ] audit_ost_rw_rec, [HOOK_SI_WRITE] audit_ost_rw_rec, + [HOOK_READ] audit_ost_rw_rec, + [HOOK_WRITE] audit_ost_rw_rec, [HOOK_CREATE] NULL, /* audit_ost_create_rec, */ [HOOK_UNLINK] audit_ost_unlink_rec, [HOOK_SETATTR] audit_ost_setattr_rec, diff --git a/lustre/smfs/audit_transfer.c b/lustre/smfs/audit_transfer.c index aeaa17f..d5cca9a 100644 --- a/lustre/smfs/audit_transfer.c +++ b/lustre/smfs/audit_transfer.c @@ -162,6 +162,7 @@ transfer_record(struct obd_device *obd, struct audit_record *rec, int type, void int namelen = 0; REC2ID(id_rec, &id); + rc = audit_id2name(obd, &name, &namelen, &id); if (rc < 0) { strncat(buf, "unknown", PAGE_SIZE - n); diff --git a/lustre/smfs/fsfilt.c b/lustre/smfs/fsfilt.c index b454b8d..8190181 100644 --- a/lustre/smfs/fsfilt.c +++ b/lustre/smfs/fsfilt.c @@ -387,13 +387,13 @@ int fsfilt_smfs_map_inode_pages(struct inode *inode, struct page **page, struct fsfilt_operations *cache_fsfilt = I2FOPS(inode); struct inode *cache_inode = NULL; int rc = -EIO; - /* struct hook_rw_msg msg = { .write = create, }; - */ + hook_op hook = create ? HOOK_WRITE : HOOK_READ; ENTRY; + if (!cache_fsfilt) RETURN(-EINVAL); @@ -405,13 +405,13 @@ int fsfilt_smfs_map_inode_pages(struct inode *inode, struct page **page, if (!cache_fsfilt->fs_map_inode_pages) RETURN(-ENOSYS); + SMFS_PRE_HOOK(inode, hook, &msg); down(&cache_inode->i_sem); - //SMFS_PRE_HOOK(inode, HOOK_MAP_PAGES, &msg); rc = cache_fsfilt->fs_map_inode_pages(cache_inode, page, pages, blocks, created, create, sem); - up(&cache_inode->i_sem); + SMFS_POST_HOOK(inode, hook, &msg, rc); RETURN(rc); } diff --git a/lustre/smfs/smfs_lib.c b/lustre/smfs/smfs_lib.c index 9057928..0e63db9 100644 --- a/lustre/smfs/smfs_lib.c +++ b/lustre/smfs/smfs_lib.c 
@@ -308,7 +308,7 @@ err_free_cache_fstype: OBD_FREE(smb->smsi_cache_ftype, strlen(typestr) + 1); err_umount_cache: mntput(mnt); -err_out: + return err; }