From db5f92d5334b9a529f97b08241c44f06d08991c0 Mon Sep 17 00:00:00 2001 From: tappro Date: Tue, 9 Aug 2005 22:42:00 +0000 Subject: [PATCH] - rc code is not failure is > 0 - only files on OSS should be audited - audit_fill_id_rec is valid only on mds. Moved to mds_audit.c - audit_ost_get_id() gets lustre id for OSS object for audit log --- lustre/llite/llite_audit.c | 2 +- lustre/smfs/audit.c | 15 +++++++++++---- lustre/smfs/audit_mds.c | 23 +++++++++++++++++++++++ lustre/smfs/audit_ost.c | 37 ++++++++++++++++++++++++++++--------- lustre/smfs/audit_transfer.c | 2 +- lustre/smfs/smfs_api.h | 23 ----------------------- 6 files changed, 64 insertions(+), 38 deletions(-) diff --git a/lustre/llite/llite_audit.c b/lustre/llite/llite_audit.c index 0c7cd9a..66bbfa4 100644 --- a/lustre/llite/llite_audit.c +++ b/lustre/llite/llite_audit.c @@ -71,7 +71,7 @@ int ll_check_audit(struct inode * inode, audit_op op, int ret) return 0; //if audit is only for failures? - if (!ret && IS_AUDIT_OP(mask, AUDIT_FAIL)) + if (ret >= 0 && IS_AUDIT_OP(mask, AUDIT_FAIL)) return 0; return (IS_AUDIT_OP(mask,op)); diff --git a/lustre/smfs/audit.c b/lustre/smfs/audit.c index a709f91..e37eed1 100644 --- a/lustre/smfs/audit.c +++ b/lustre/smfs/audit.c @@ -123,12 +123,13 @@ struct inode * get_inode_from_hook(hook_op hook, void * msg) return inode; } - +/* is called also from fsfilt_smfs_get_info */ int smfs_get_audit(struct super_block * sb, struct inode * parent, struct inode * inode, __u64 * mask) { struct smfs_super_info * smb = S2SMI(sb); struct fsfilt_operations *fsfilt = smb->sm_fsfilt; + struct obd_device * obd = smb->smsi_exp->exp_obd; int rc; struct audit_priv * priv = NULL; @@ -139,7 +140,7 @@ int smfs_get_audit(struct super_block * sb, struct inode * parent, priv = smfs_get_plg_priv(S2SMI(sb), SMFS_PLG_AUDIT); - //omit __iopen__ dir + /* omit __iopen__ dir */ if (parent->i_ino == SMFS_IOPEN_INO) RETURN(-ENOENT); @@ -147,16 +148,20 @@ int smfs_get_audit(struct super_block * sb, struct inode * parent, RETURN(-ENOENT); if (IS_AUDIT(priv->a_mask)) { + /* no audit for directories on OSS */ + if (inode && S_ISDIR(inode->i_mode) && + !strcmp(obd->obd_type->typ_name, OBD_FILTER_DEVICENAME)) + RETURN(-EINVAL); (*mask) = priv->a_mask; RETURN(0); } - //get inode audit EA + /* get inode audit EA */ rc = fsfilt->fs_get_xattr(parent, AUDIT_ATTR_EA, mask, sizeof(*mask)); if (rc <= 0) RETURN(-ENODATA); - //check if parent has audit + /* check if parent has audit */ if (IS_AUDIT(*mask)) RETURN(0); @@ -527,6 +532,8 @@ int audit_client_log(struct super_block * sb, struct audit_msg * msg) //char name[32]; struct audit_priv * priv; + ENTRY; + do_gettimeofday(&cur_time); priv = smfs_get_plg_priv(smb, SMFS_PLG_AUDIT); diff --git a/lustre/smfs/audit_mds.c b/lustre/smfs/audit_mds.c index 729ffc8..38148a9 100644 --- a/lustre/smfs/audit_mds.c +++ b/lustre/smfs/audit_mds.c @@ -40,6 +40,29 @@ #include #include "smfs_internal.h" +static inline int audit_fill_id_rec (char **pbuf, struct inode * inode) +{ + struct fsfilt_operations *fsfilt = I2FOPS(inode); + struct audit_id_record * rec = (void*)(*pbuf); + int len = sizeof(*rec); + struct lustre_fid fid; + int rc = 0; + + rec->au_num = inode->i_ino; + rec->au_type = (S_IFMT & inode->i_mode); + rec->au_gen = inode->i_generation; + + //fid & mdsnum + rc = fsfilt->fs_get_md(I2CI(inode), &fid, sizeof(fid), EA_SID); + if (rc > 0) { + rec->au_fid = fid.lf_id; + rec->au_mds = fid.lf_group; + } + + *pbuf += len; + return len; +} + int static audit_mds_create_rec(struct inode * parent, void * arg, struct audit_priv * priv, char * buffer, __u32 * type) diff --git a/lustre/smfs/audit_ost.c b/lustre/smfs/audit_ost.c index 7cb32a2..41348bf 100644 --- a/lustre/smfs/audit_ost.c +++ b/lustre/smfs/audit_ost.c @@ -40,6 +40,16 @@ #include #include "smfs_internal.h" +static int audit_ost_get_id(struct inode * inode, struct lustre_id * id) +{ + struct fsfilt_operations *fsfilt = S2SMI(inode->i_sb)->sm_fsfilt; + + ENTRY; + if(fsfilt->fs_get_md(inode, id, sizeof(*id), EA_SID) <= 0) + RETURN(-ENODATA); + RETURN(0); +} + static int audit_ost_create_rec(struct inode * parent, void * arg, struct audit_priv * priv, char * buffer, __u32 * type) @@ -48,11 +58,14 @@ static int audit_ost_create_rec(struct inode * parent, void * arg, struct audit_record * rec = (void*)buffer; char * pbuf = buffer + sizeof(*rec); struct inode * inode = msg->dentry->d_inode; + struct lustre_id id; int len = sizeof(*rec); - //TODO: useless until lustre inode id is in EA + if (audit_ost_get_id(inode, &id) < 0) + CERROR("Cannot get lustre id from object EA\n"); + rec->opcode = AUDIT_CREATE; - len += audit_fill_id_rec(&pbuf, inode); + len += audit_rec_from_id(&pbuf, &id); *type = SMFS_AUDIT_GEN_REC; return len; } @@ -66,11 +79,14 @@ static int audit_ost_unlink_rec(struct inode * parent, void * arg, struct audit_record * rec = (void*)buffer; char * pbuf = buffer + sizeof(*rec); int len = sizeof(*rec); + struct lustre_id id; - //TODO: useless until lustre inode id is in EA - rec->opcode = AUDIT_UNLINK; - len += audit_fill_id_rec(&pbuf, inode); - len += audit_fill_id_rec(&pbuf, parent); + if (audit_ost_get_id(inode, &id) < 0) + CERROR("Cannot get lustre id from object EA\n"); + + rec->opcode = AUDIT_UNLINK; + len += audit_rec_from_id(&pbuf, &id); + //len += audit_fill_id_rec(&pbuf, parent); *type = SMFS_AUDIT_GEN_REC; return len; @@ -84,10 +100,13 @@ int static audit_ost_setattr_rec(struct inode * inode, void * arg, struct audit_record * rec = (void*)buffer; char * pbuf = buffer + sizeof(*rec); int len = sizeof(*rec); + struct lustre_id id; - //TODO: useless until lustre inode id is in EA + if (audit_ost_get_id(inode, &id) < 0) + CERROR("Cannot get lustre id from object EA\n"); + rec->opcode = AUDIT_SETATTR; - len += audit_fill_id_rec(&pbuf, inode); + len += audit_rec_from_id(&pbuf, &id); *type = SMFS_AUDIT_GEN_REC; return len; @@ -112,7 +131,7 @@ int static audit_ost_rw_rec(struct inode * inode, void * arg, static audit_get_op audit_ost_record[HOOK_MAX] = { [HOOK_SI_READ] audit_ost_rw_rec, [HOOK_SI_WRITE] audit_ost_rw_rec, - [HOOK_CREATE] audit_ost_create_rec, + [HOOK_CREATE] NULL, /* audit_ost_create_rec, */ [HOOK_UNLINK] audit_ost_unlink_rec, [HOOK_SETATTR] audit_ost_setattr_rec, [HOOK_F_SETATTR] audit_ost_setattr_rec diff --git a/lustre/smfs/audit_transfer.c b/lustre/smfs/audit_transfer.c index c9c70d0..19320af 100644 --- a/lustre/smfs/audit_transfer.c +++ b/lustre/smfs/audit_transfer.c @@ -112,7 +112,7 @@ const char *opstr[AUDIT_MAX] = { }; #define construct_header(buf, size, rec, id_rec) \ - snprintf(buf, size, "AUDIT:"LPU64":%u/%u:%s:%d:"DLID4":", \ + snprintf(buf, size, "AUDIT:"LPX64":%u/%u:%s:%d:"DLID4":", \ rec->nid, rec->uid, rec->gid, opstr[rec->opcode], (__s16)rec->result,\ (unsigned long)id_rec->au_fid, (unsigned long)id_rec->au_mds, \ (unsigned long)id_rec->au_num, (unsigned long)id_rec->au_gen); diff --git a/lustre/smfs/smfs_api.h b/lustre/smfs/smfs_api.h index 3c76c03..b81b21d 100644 --- a/lustre/smfs/smfs_api.h +++ b/lustre/smfs/smfs_api.h @@ -217,29 +217,6 @@ static inline int audit_rec_from_id (char **pbuf, struct lustre_id * id) return len; } -static inline int audit_fill_id_rec (char **pbuf, struct inode * inode) -{ - struct fsfilt_operations *fsfilt = I2FOPS(inode); - struct audit_id_record * rec = (void*)(*pbuf); - int len = sizeof(*rec); - struct lustre_fid fid; - int rc = 0; - - rec->au_num = inode->i_ino; - rec->au_type = (S_IFMT & inode->i_mode); - rec->au_gen = inode->i_generation; - - //fid & mdsnum - rc = fsfilt->fs_get_md(I2CI(inode), &fid, sizeof(fid), EA_SID); - if (rc > 0) { - rec->au_fid = fid.lf_id; - rec->au_mds = fid.lf_group; - } - - *pbuf += len; - return len; -} - static inline int audit_fill_name_rec (char **pbuf, const char * name, int nlen) { struct audit_name_record * n_rec = (void*)(*pbuf); -- 1.8.3.1