From 4a5e88f2e037da59fea8ce00420ebd4ec2fe791c Mon Sep 17 00:00:00 2001 From: tappro Date: Thu, 25 Aug 2005 09:41:12 +0000 Subject: [PATCH] b=7390 - move reint auditing into mds_audit - auth audit should use child inode if it exists to recognize correct audit setting --- lustre/mds/handler.c | 34 +------------------------ lustre/mds/mds_audit.c | 64 ++++++++++++++++++++++++++++++++++++++++++----- lustre/mds/mds_internal.h | 2 +- 3 files changed, 60 insertions(+), 40 deletions(-) diff --git a/lustre/mds/handler.c b/lustre/mds/handler.c index e4eddc3..103abed 100644 --- a/lustre/mds/handler.c +++ b/lustre/mds/handler.c @@ -2119,39 +2119,7 @@ int mds_reint(struct ptlrpc_request *req, int offset, rc = mds_init_ucred(&rec->ur_uc, req, rsd); if (rc) { - audit_op code = AUDIT_NONE; - char * au_name = NULL; - int au_len = 0; - switch (rec->ur_opcode) { - case REINT_SETATTR: - code = AUDIT_SETATTR; - break; - case REINT_CREATE: - code = AUDIT_CREATE; - au_name = rec->ur_name; - au_len = rec->ur_namelen; - break; - case REINT_LINK: - code = AUDIT_LINK; - break; - case REINT_UNLINK: - code = AUDIT_UNLINK; - break; - case REINT_RENAME: - code = AUDIT_RENAME; - break; - case REINT_OPEN: - au_name = rec->ur_name; - au_len = rec->ur_namelen; - code = AUDIT_OPEN; - break; - default: - CERROR("Wrong opcode in reint\n"); - LBUG(); - } - - mds_audit_auth(req, &rec->ur_uc, code, rec->ur_id1, - au_name, au_len); + mds_audit_reint(req, rec); GOTO(out, rc); } diff --git a/lustre/mds/mds_audit.c b/lustre/mds/mds_audit.c index a8bd018..243d96d 100644 --- a/lustre/mds/mds_audit.c +++ b/lustre/mds/mds_audit.c @@ -124,34 +124,86 @@ int mds_audit_auth(struct ptlrpc_request *req, struct lvfs_ucred * uc, struct obd_device *obd = req->rq_export->exp_obd; ptl_nid_t nid = req->rq_peer.peer_id.nid; int rc = 0; - struct dentry * dparent; + struct dentry * dparent, *dchild = NULL; struct inode * inode; struct audit_info info; ENTRY; dparent = mds_id2dentry(obd, id, NULL); - if (IS_ERR(dparent)) { - rc = PTR_ERR(dparent); - GOTO(out, rc); + if (IS_ERR(dparent) || !dparent->d_inode) { + CERROR("can't find inode "LPU64"\n", id_ino(id)); + if (!IS_ERR(dparent)) + l_dput(dparent); + RETURN(-ENOENT); } inode = dparent->d_inode; info.m.nid = nid; info.m.uid = uc->luc_uid; info.m.gid = uc->luc_gid; - info.m.id = (*id); info.m.result = -EPERM; info.m.code = op; info.name = name; info.namelen = namelen; + + if (name && namelen > 0) { + dchild = ll_lookup_one_len(name, dparent, namelen); + if (!IS_ERR(dchild)) { + if (dchild->d_flags & DCACHE_CROSS_REF) { + //TODO: we should know audit setting for this + //so remote call is needed + } else { + inode = dchild->d_inode; + info.name = NULL; + info.namelen = 0; + } + } + } + + mds_pack_inode2id(obd, &info.m.id, inode, 1); fsfilt_set_info(obd, inode->i_sb, inode, 10, "audit_info", sizeof(info), &info); l_dput(dparent); EXIT; - out: + + return rc; +} + +int mds_audit_reint(struct ptlrpc_request *req, + struct mds_update_record *rec) +{ + audit_op code = AUDIT_UNKNOWN; + int rc = 0; + + switch (rec->ur_opcode) { + case REINT_SETATTR: + code = AUDIT_SETATTR; + break; + case REINT_CREATE: + code = AUDIT_CREATE; + break; + case REINT_LINK: + code = AUDIT_LINK; + break; + case REINT_UNLINK: + code = AUDIT_UNLINK; + break; + case REINT_RENAME: + code = AUDIT_RENAME; + break; + case REINT_OPEN: + code = AUDIT_OPEN; + break; + default: + CERROR("Wrong opcode in reint\n"); + LBUG(); + } + + rc = mds_audit_auth(req, &rec->ur_uc, code, rec->ur_id1, + rec->ur_name, rec->ur_namelen); return rc; } diff --git a/lustre/mds/mds_internal.h b/lustre/mds/mds_internal.h index f20e42e..d22a0f2 100644 --- a/lustre/mds/mds_internal.h +++ b/lustre/mds/mds_internal.h @@ -347,7 +347,7 @@ int mds_audit_stat(struct ptlrpc_request *, struct lustre_id *, struct inode *, char*, int, int); int mds_audit_open(struct ptlrpc_request *, struct lustre_id *, struct inode *, char*, int, int); - +int mds_audit_reint(struct ptlrpc_request *, struct mds_update_record *); /* mds_acl.c */ struct upcall_cache *__mds_get_global_rmtacl_upcall_cache(void); int mds_init_rmtacl_upcall_cache(void); -- 1.8.3.1