1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * lustre/smfs/audit_mds.c
5 * Lustre filesystem audit part for MDS
7 * Copyright (C) 2004 Cluster File Systems, Inc.
9 * This file is part of Lustre, http://www.lustre.org.
11 * Lustre is free software; you can redistribute it and/or
12 * modify it under the terms of version 2 of the GNU General Public
13 * License as published by the Free Software Foundation.
15 * Lustre is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with Lustre; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 # define EXPORT_SYMTAB
28 #define DEBUG_SUBSYSTEM S_SM
30 #include <linux/kmod.h>
31 #include <linux/init.h>
33 #include <linux/slab.h>
34 #include <linux/obd_class.h>
35 #include <linux/obd_support.h>
36 #include <linux/lustre_lib.h>
37 #include <linux/lustre_idl.h>
38 #include <linux/lustre_fsfilt.h>
39 #include <linux/lustre_smfs.h>
40 #include <linux/lustre_audit.h>
41 #include <linux/lustre_log.h>
42 #include "smfs_internal.h"
44 static audit_op hook2audit(hook_op hook)
46 audit_op opcode = AUDIT_NONE;
64 return AUDIT_READLINK;
89 struct inode * get_inode_from_hook(hook_op hook, void * msg)
97 struct hook_link_msg * m = msg;
98 inode = m->dentry->d_inode;
104 struct hook_unlink_msg * m = msg;
105 inode = m->dentry->d_inode;
110 struct hook_symlink_msg * m = msg;
111 inode = m->dentry->d_inode;
116 struct hook_rename_msg * m = msg;
117 inode = m->dentry->d_inode;
127 int smfs_get_audit(struct super_block * sb, struct inode * parent,
128 struct inode * inode, __u64 * mask)
130 struct smfs_super_info * smb = S2SMI(sb);
131 struct fsfilt_operations *fsfilt = smb->sm_fsfilt;
133 struct audit_priv * priv = NULL;
137 if (!SMFS_IS(smb->plg_flags, SMFS_PLG_AUDIT))
140 priv = smfs_get_plg_priv(S2SMI(sb), SMFS_PLG_AUDIT);
143 if (parent->i_ino == SMFS_IOPEN_INO)
149 if (IS_AUDIT(priv->a_mask)) {
150 (*mask) = priv->a_mask;
154 rc = fsfilt->fs_get_xattr(parent, AUDIT_ATTR_EA,
155 mask, sizeof(*mask));
159 //check if parent has audit
166 rc = fsfilt->fs_get_xattr(inode, AUDIT_ATTR_EA,
167 mask, sizeof(*mask));
177 int smfs_audit_check(struct inode * parent, hook_op hook, int ret,
178 struct audit_priv * priv, void * msg)
186 if (hook == HOOK_SPECIAL) {
187 struct audit_info * info = msg;
191 code = hook2audit(hook);
193 rc = smfs_get_audit(parent->i_sb, parent,
194 get_inode_from_hook(hook, msg),
198 //should only failures be audited?
199 if (!ret && IS_AUDIT_OP(mask, AUDIT_FAIL))
203 RETURN(IS_AUDIT_OP(mask, code));
206 static int smfs_set_fs_audit (struct super_block * sb, __u64 *mask)
208 struct smfs_super_info * smb = S2SMI(sb);
209 struct fsfilt_operations * fsfilt = smb->sm_fsfilt;
212 struct file * f = NULL;
213 struct audit_priv *priv;
214 struct lvfs_run_ctxt * ctxt, saved;
217 ctxt = &smb->smsi_exp->exp_obd->obd_lvfs_ctxt;
219 priv = smfs_get_plg_priv(smb, SMFS_PLG_AUDIT);
221 CERROR("error updating audit setting: rc = %d\n", rc);
225 push_ctxt(&saved, ctxt, NULL);
227 f = filp_open(AUDIT_ATTR_FILE, O_RDWR|O_CREAT, 0600);
229 CERROR("cannot get audit_setting file\n");
234 rc = fsfilt->fs_write_record(f, mask, sizeof(*mask), &off, 1);
236 CERROR("error writting audit setting: rc = %d\n", rc);
240 priv->a_mask = (*mask);
246 pop_ctxt(&saved, ctxt, NULL);
251 //set audit attributes for directory/file
252 int smfs_set_audit(struct super_block * sb, struct inode * inode,
255 void * handle = NULL;
256 struct fsfilt_operations * fsfilt = S2SMI(sb)->sm_fsfilt;
261 if (IS_AUDIT_OP((*mask), AUDIT_FS))
262 return smfs_set_fs_audit(sb, mask);
266 handle = fsfilt->fs_start(inode, FSFILT_OP_SETATTR, NULL, 0);
268 RETURN(PTR_ERR(handle));
270 if (fsfilt->fs_set_xattr)
271 rc = fsfilt->fs_set_xattr(inode, handle, AUDIT_ATTR_EA,
272 mask, sizeof(*mask));
274 fsfilt->fs_commit(inode->i_sb, inode, handle, 1);
279 static int smfs_audit_post_op(hook_op code, struct inode * inode, void * msg,
283 char * buffer = NULL;
284 struct audit_record * rec = NULL;
285 struct llog_rec_hdr * llh;
286 struct timeval cur_time;
287 struct audit_priv * priv = arg;
288 audit_get_op * handler = priv->audit_get_record;
290 //check that we are in lustre ctxt
291 if (!SMFS_IS(I2SMI(inode)->smi_flags, SMFS_PLG_AUDIT))
294 if (!handler || !handler[code])
297 if (smfs_audit_check(inode, code, ret, priv, msg) == 0)
302 do_gettimeofday(&cur_time);
304 OBD_ALLOC(buffer, PAGE_SIZE);
310 rec = (void*)(buffer + sizeof(*llh));
313 rec->uid = current->uid;
314 rec->gid = current->gid;
315 rec->nid = current->user->nid;
316 rec->time = cur_time.tv_sec * USEC_PER_SEC + cur_time.tv_usec;
319 len = handler[code](inode, msg, priv, (char*)rec,
322 llh->lrh_len = size_round(len);
324 rc = llog_cat_add_rec(priv->audit_ctxt->loc_handle, llh, NULL,
325 (void*)rec, NULL, NULL);
327 CERROR("Error adding audit record: %d\n", rc);
330 audit_notify(priv->audit_ctxt->loc_handle, priv->au_id2name);
333 OBD_FREE(buffer, PAGE_SIZE);
339 static int smfs_trans_audit (struct super_block *sb, void *arg,
340 struct audit_priv * priv)
342 int size = 1; //one record in log per operation.
347 extern int mds_alloc_inode_ids(struct obd_device *, struct inode *,
348 void *, struct lustre_id *, struct lustre_id *);
350 static int smfs_start_audit(struct super_block *sb, void *arg,
351 struct audit_priv * audit_p)
353 struct smfs_super_info * smb = S2SMI(sb);
354 struct fsfilt_operations * fsfilt = smb->sm_fsfilt;
355 struct obd_device *obd = arg;
361 //is plugin already activated
362 if (SMFS_IS(smb->plg_flags, SMFS_PLG_AUDIT))
365 rc = audit_start_transferd();
367 CERROR("can't start audit transfer daemon. rc:%d\n", rc);
371 if (obd && obd->obd_type && obd->obd_type->typ_name) {
372 if (!strcmp(obd->obd_type->typ_name, "mds")) {
373 CDEBUG(D_INODE, "Setup MDS audit handler\n");
374 audit_mds_setup(obd, sb, audit_p);
376 else if (!strcmp(obd->obd_type->typ_name, "obdfilter")) {
377 CDEBUG(D_INODE, "Setup OST audit handler\n");
378 audit_ost_setup(obd, sb, audit_p);
381 CDEBUG(D_INODE, "Unknown obd type %s\n",
382 obd->obd_type->typ_name);
386 //read fs audit settings if any
387 audit_p->a_mask = AUDIT_OFF;
389 f = filp_open(AUDIT_ATTR_FILE, O_RDONLY, 0644);
392 rc = fsfilt->fs_read_record(f, &audit_p->a_mask,
393 sizeof(audit_p->a_mask), &off);
395 CERROR("error reading audit setting: rc = %d\n", rc);
400 SMFS_SET(smb->plg_flags, SMFS_PLG_AUDIT);
405 int smfs_stop_audit(struct super_block *sb, void *arg,
406 struct audit_priv * audit_p)
408 struct smfs_super_info * smb = S2SMI(sb);
409 struct llog_ctxt *ctxt = audit_p->audit_ctxt;
412 if (!SMFS_IS(smb->plg_flags, SMFS_PLG_AUDIT))
415 audit_stop_transferd();
417 SMFS_CLEAR(smb->plg_flags, SMFS_PLG_AUDIT);
420 ctxt->loc_llogs->llog_ctxt[LLOG_AUDIT_ORIG_CTXT] = NULL;
422 llog_catalog_cleanup(ctxt);
423 OBD_FREE(ctxt, sizeof(*ctxt));
424 audit_p->audit_ctxt = NULL;
429 int smfs_audit_set_info(struct super_block *sb, void *arg,
430 struct audit_priv *priv) {
431 struct plg_info_msg * msg = arg;
432 if (KEY_IS(msg->key, "id2name")) {
433 priv->au_id2name = msg->val;
439 typedef int (*audit_helper)(struct super_block * sb, void *msg, struct audit_priv *);
440 static audit_helper smfs_audit_helpers[PLG_HELPER_MAX] = {
441 [PLG_START] smfs_start_audit,
442 [PLG_STOP] smfs_stop_audit,
443 [PLG_TRANS_SIZE] smfs_trans_audit,
444 [PLG_TEST_INODE] NULL,
445 [PLG_SET_INODE] NULL,
446 [PLG_SET_INFO] smfs_audit_set_info,
449 static int smfs_audit_help_op(int code, struct super_block * sb,
450 void * arg, void * priv)
454 if (smfs_audit_helpers[code])
455 rc = smfs_audit_helpers[code](sb, arg, (struct audit_priv *) priv);
459 static int smfs_exit_audit(struct super_block *sb,
462 struct audit_priv * priv = arg;
463 struct smfs_plugin * plg;
466 plg = smfs_deregister_plugin(sb, SMFS_PLG_AUDIT);
468 OBD_FREE(plg, sizeof(*plg));
470 CERROR("Cannot find AUDIT plugin while unregistering\n");
473 OBD_FREE(priv, sizeof(*priv));
478 int smfs_init_audit(struct super_block *sb)
481 struct audit_priv * priv = NULL;
482 struct smfs_plugin * plg = NULL;
486 OBD_ALLOC(plg, sizeof(*plg));
492 plg->plg_type = SMFS_PLG_AUDIT;
493 plg->plg_post_op = &smfs_audit_post_op;
494 plg->plg_helper = &smfs_audit_help_op;
495 plg->plg_exit = &smfs_exit_audit;
497 OBD_ALLOC(priv, sizeof(*priv));
503 plg->plg_private = priv;
504 rc = smfs_register_plugin(sb, plg);
509 OBD_FREE(priv, sizeof(*priv));
512 OBD_FREE(plg, sizeof(*plg));
518 int audit_client_log(struct super_block * sb, struct audit_msg * msg)
520 struct smfs_super_info * smb = S2SMI(sb);
521 char *buffer = NULL, *pbuf = NULL;
522 struct audit_record * rec = NULL;
523 struct llog_rec_hdr * llh;
524 struct llog_handle * ll_handle = NULL;
526 struct timeval cur_time;
528 struct audit_priv * priv;
530 do_gettimeofday(&cur_time);
532 priv = smfs_get_plg_priv(smb, SMFS_PLG_AUDIT);
536 ll_handle = priv->audit_ctxt->loc_handle;
538 OBD_ALLOC(buffer, PAGE_SIZE);
543 llh->lrh_type = SMFS_AUDIT_GEN_REC;
544 pbuf = buffer + sizeof(*llh);
548 rec->opcode = msg->code;
549 rec->result = msg->result;
553 rec->time = cur_time.tv_sec * USEC_PER_SEC + cur_time.tv_usec;
554 pbuf += sizeof(*rec);
562 len = audit_rec_from_id(&pbuf, &msg->id);
565 CERROR("Unknown code %i in audit_msg\n", msg->code);
568 llh->lrh_len = size_round(len);
570 rc = llog_cat_add_rec(ll_handle, llh, NULL, (void*)rec, NULL, NULL);
572 CERROR("Error adding audit client record: %d\n", rc);
575 audit_notify(ll_handle, priv->au_id2name);
578 OBD_FREE(buffer, PAGE_SIZE);