From: tappro
Date: Fri, 26 Aug 2005 11:42:29 +0000 (+0000)
Subject: b=7390
X-Git-Tag: v1_7_100~819
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=c59b79fa10f5fb9b3962e5f0b4967c927568f4a8;p=fs%2Flustre-release.git

b=7390
- add special handler for auditing access failures
---

diff --git a/lustre/mds/mds_audit.c b/lustre/mds/mds_audit.c
index 696132a..e03e5f0 100644
--- a/lustre/mds/mds_audit.c
+++ b/lustre/mds/mds_audit.c
@@ -86,6 +86,34 @@ int mds_audit_stat(struct ptlrpc_request *req, struct lustre_id * id,
 RETURN(rc);
 }
 
+int mds_audit_perm(struct ptlrpc_request *req, struct inode *inode, audit_op op)
+{
+ struct obd_device *obd = req->rq_export->exp_obd;
+ ptl_nid_t nid = req->rq_peer.peer_id.nid;
+ struct audit_info info = {
+ .name = NULL,
+ .namelen = 0,
+ };
+ int rc = 0;
+
+ ENTRY;
+
+ LASSERT(inode);
+ info.m.nid = nid;
+ info.m.uid = current->uid;
+ info.m.gid = current->gid;
+ info.m.result = -EACCES;
+ info.m.code = op;
+
+ /* failed access, log child id only */
+ mds_pack_inode2id(obd, &info.m.id, inode, 1);
+
+ fsfilt_set_info(obd, inode->i_sb, inode,
+ 10, "audit_info", sizeof(info), (void*)&info);
+
+ RETURN(rc);
+}
+
 int mds_audit_open(struct ptlrpc_request *req, struct lustre_id * id,
 struct inode *inode, char *name, int namelen, int ret)
 {
diff --git a/lustre/mds/mds_internal.h b/lustre/mds/mds_internal.h
index d22a0f2..2e1e7b1 100644
--- a/lustre/mds/mds_internal.h
+++ b/lustre/mds/mds_internal.h
@@ -348,6 +348,7 @@ int mds_audit_stat(struct ptlrpc_request *, struct lustre_id *,
 int mds_audit_open(struct ptlrpc_request *, struct lustre_id *,
 struct inode *, char*, int, int);
 int mds_audit_reint(struct ptlrpc_request *, struct mds_update_record *);
+int mds_audit_perm(struct ptlrpc_request *, struct inode *, audit_op);
 /* mds_acl.c */
 struct upcall_cache *__mds_get_global_rmtacl_upcall_cache(void);
 int mds_init_rmtacl_upcall_cache(void);
diff --git a/lustre/mds/mds_reint.c b/lustre/mds/mds_reint.c
index 5bf399e..b5a3dc3 100644
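Review bot: In `mds_audit_perm` (lustre/mds/mds_audit.c) the result of `fsfilt_set_info()` is discarded and `rc` is never assigned after `int rc = 0;`, so the function reports success even when the access-failure record could not be written, and a denied access can silently go missing from the audit trail. Assuming `fsfilt_set_info()` returns a status code (its declaration is not visible here), capture it: `rc = fsfilt_set_info(obd, inode->i_sb, inode, 10, "audit_info", sizeof(info), (void*)&info);`. The literal `10` is the length of `"audit_info"` and would be less fragile as `strlen("audit_info")`, the idiom the `obd_set_info(..., strlen("unlinked"), ...)` call in mds_reint.c uses. A header comment such as `/* Log a failed permission check (-EACCES) for @op on @inode; @inode must be non-NULL. */` would document the `LASSERT(inode)` precondition for callers.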
--- a/lustre/mds/mds_reint.c
+++ b/lustre/mds/mds_reint.c
@@ -1314,6 +1314,8 @@ cleanup:
 }
 switch (cleanup_phase) {
 case 2: /* child dentry */
+ if (rc == -EACCES)
+ mds_audit_perm(req, dchild->d_inode, AUDIT_CREATE);
 l_dput(dchild);
 case 1: /* locked parent dentry */
 #ifdef S_PDIROPS
@@ -2426,6 +2428,7 @@ cleanup:
 if (!rc)
 (void)obd_set_info(mds->mds_dt_exp, strlen("unlinked"),
 "unlinked", 0, NULL);
+
 switch(cleanup_phase) {
 case 5: /* pending_dir semaphore */
 up(&mds->mds_pending_dir->d_inode->i_sem);
@@ -2463,6 +2466,11 @@ cleanup:
 if (dchild->d_inode && rc && (dchild->d_inode->i_nlink == 0 ||
 mds_inode_is_orphan(dchild->d_inode)))
 CDEBUG(D_ERROR, "unlink, but return %d\n", rc);
+
+ /* catching failed permissions check for audit */
+ if (rc == -EACCES)
+ mds_audit_perm(req, dchild->d_inode, AUDIT_UNLINK);
+
 l_dput(dchild);
 l_dput(dchild);
 l_dput(dparent);
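Review bot: Both new call sites in lustre/mds/mds_reint.c (`case 2` of the first `cleanup:` switch with `AUDIT_CREATE`, and the unlink cleanup with `AUDIT_UNLINK`) pass `dchild->d_inode` unchecked, while `mds_audit_perm` begins with `LASSERT(inode)`. The unlink hunk's own context tests `dchild->d_inode &&` just above the new call, which suggests the dentry can be negative there, and on a denied create the child presumably has no inode yet; in those cases a request that merely fails with -EACCES would trip an assertion on the MDS instead of producing an audit record. Guard the calls, e.g. `if (rc == -EACCES && dchild->d_inode != NULL)`, or have the audit helper fall back to the parent inode so the denial is still recorded. The return value of `mds_audit_perm` is also ignored at both sites; if that is deliberate best-effort, cast it `(void)` as the neighbouring `obd_set_info` call does. The enclosing functions begin and end outside these hunks, so how `rc` and `dchild` are set is not visible.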