1 /* -*- mode: c; c-basic-offset: 8; indent-tabs-mode: nil; -*-
2 * vim:expandtab:shiftwidth=8:tabstop=8:
4 * lustre/smfs/audit_mds.c
5 * Lustre filesystem audit part for MDS
7 * Copyright (C) 2004 Cluster File Systems, Inc.
9 * This file is part of Lustre, http://www.lustre.org.
11 * Lustre is free software; you can redistribute it and/or
12 * modify it under the terms of version 2 of the GNU General Public
13 * License as published by the Free Software Foundation.
15 * Lustre is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with Lustre; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 # define EXPORT_SYMTAB
28 #define DEBUG_SUBSYSTEM S_SM
30 #include <linux/kmod.h>
31 #include <linux/init.h>
33 #include <linux/slab.h>
34 #include <linux/obd_class.h>
35 #include <linux/obd_support.h>
36 #include <linux/lustre_lib.h>
37 #include <linux/lustre_idl.h>
38 #include <linux/lustre_fsfilt.h>
39 #include <linux/lustre_smfs.h>
40 #include <linux/lustre_audit.h>
41 #include <linux/lustre_log.h>
42 #include "smfs_internal.h"
44 static audit_op hook2audit(hook_op hook)
46 audit_op opcode = AUDIT_NONE;
64 return AUDIT_READLINK;
89 struct inode * get_inode_from_hook(hook_op hook, void * msg)
97 struct hook_link_msg * m = msg;
98 inode = m->dentry->d_inode;
104 struct hook_unlink_msg * m = msg;
105 inode = m->dentry->d_inode;
110 struct hook_symlink_msg * m = msg;
111 inode = m->dentry->d_inode;
116 struct hook_rename_msg * m = msg;
117 inode = m->dentry->d_inode;
126 /* is called also from fsfilt_smfs_get_info */
127 int smfs_get_audit(struct super_block * sb, struct inode * parent,
128 struct inode * inode, __u64 * mask)
130 struct smfs_super_info * smb = S2SMI(sb);
131 struct fsfilt_operations *fsfilt = smb->sm_fsfilt;
132 struct obd_device * obd = smb->smsi_exp->exp_obd;
134 struct audit_priv * priv = NULL;
138 if (!SMFS_IS(smb->plg_flags, SMFS_PLG_AUDIT))
141 priv = smfs_get_plg_priv(S2SMI(sb), SMFS_PLG_AUDIT);
143 /* omit __iopen__ dir */
144 if (parent->i_ino == SMFS_IOPEN_INO)
150 if (IS_AUDIT(priv->a_mask)) {
151 /* no audit for directories on OSS */
152 if (inode && S_ISDIR(inode->i_mode) &&
153 !strcmp(obd->obd_type->typ_name, OBD_FILTER_DEVICENAME))
155 (*mask) = priv->a_mask;
158 /* get inode audit EA */
159 rc = fsfilt->fs_get_xattr(parent, AUDIT_ATTR_EA,
160 mask, sizeof(*mask));
164 /* check if parent has audit */
171 rc = fsfilt->fs_get_xattr(inode, AUDIT_ATTR_EA,
172 mask, sizeof(*mask));
182 int smfs_audit_check(struct inode * parent, hook_op hook, int ret,
183 struct audit_priv * priv, void * msg)
191 if (hook == HOOK_SPECIAL) {
192 struct audit_info * info = msg;
196 code = hook2audit(hook);
198 rc = smfs_get_audit(parent->i_sb, parent,
199 get_inode_from_hook(hook, msg),
203 //should only failures be audited?
204 if (ret >= 0 && IS_AUDIT_OP(mask, AUDIT_FAIL))
208 RETURN(IS_AUDIT_OP(mask, code));
211 static int smfs_set_fs_audit (struct super_block * sb, __u64 *mask)
213 struct smfs_super_info * smb = S2SMI(sb);
214 struct fsfilt_operations * fsfilt = smb->sm_fsfilt;
217 struct file * f = NULL;
218 struct audit_priv *priv;
219 struct lvfs_run_ctxt * ctxt, saved;
222 ctxt = &smb->smsi_exp->exp_obd->obd_lvfs_ctxt;
224 priv = smfs_get_plg_priv(smb, SMFS_PLG_AUDIT);
226 CERROR("Audit is not initialized, use mountoptions 'audit'\n");
230 push_ctxt(&saved, ctxt, NULL);
232 f = filp_open(AUDIT_ATTR_FILE, O_RDWR|O_CREAT, 0600);
234 CERROR("cannot get audit_setting file\n");
239 rc = fsfilt->fs_write_record(f, mask, sizeof(*mask), &off, 1);
241 CERROR("error writting audit setting: rc = %d\n", rc);
245 priv->a_mask = (*mask);
251 pop_ctxt(&saved, ctxt, NULL);
256 //set audit attributes for directory/file
257 int smfs_set_audit(struct super_block * sb, struct inode * inode,
260 void * handle = NULL;
261 struct fsfilt_operations * fsfilt = S2SMI(sb)->sm_fsfilt;
266 if (IS_AUDIT_OP((*mask), AUDIT_FS))
267 return smfs_set_fs_audit(sb, mask);
271 handle = fsfilt->fs_start(inode, FSFILT_OP_SETATTR, NULL, 0);
273 RETURN(PTR_ERR(handle));
275 if (fsfilt->fs_set_xattr)
276 rc = fsfilt->fs_set_xattr(inode, handle, AUDIT_ATTR_EA,
277 mask, sizeof(*mask));
279 fsfilt->fs_commit(inode->i_sb, inode, handle, 1);
284 static int smfs_audit_post_op(hook_op code, struct inode * inode, void * msg,
288 char * buffer = NULL;
289 struct audit_record * rec = NULL;
290 struct llog_rec_hdr * llh;
291 struct timeval cur_time;
292 struct audit_priv * priv = arg;
293 audit_get_op * handler = priv->audit_get_record;
295 //check that we are in lustre ctxt
296 if (!SMFS_IS(I2SMI(inode)->smi_flags, SMFS_PLG_AUDIT))
299 if (!handler || !handler[code])
302 if (smfs_audit_check(inode, code, ret, priv, msg) == 0)
307 do_gettimeofday(&cur_time);
309 OBD_ALLOC(buffer, PAGE_SIZE);
315 rec = (void*)(buffer + sizeof(*llh));
318 rec->uid = current->uid;
319 rec->gid = current->gid;
320 rec->nid = current->user->nid;
321 rec->time = cur_time.tv_sec * USEC_PER_SEC + cur_time.tv_usec;
323 len = handler[code](inode, msg, priv, (char*)rec,
326 LASSERT(llh->lrh_type == SMFS_AUDIT_GEN_REC ||
327 llh->lrh_type == SMFS_AUDIT_NAME_REC);
329 llh->lrh_len = size_round(len);
331 rc = llog_cat_add_rec(priv->audit_ctxt->loc_handle, llh, NULL,
332 (void*)rec, NULL, NULL);
334 CERROR("Error adding audit record: %d\n", rc);
337 audit_notify(priv->audit_ctxt->loc_handle, priv->au_id2name);
340 OBD_FREE(buffer, PAGE_SIZE);
346 static int smfs_trans_audit (struct super_block *sb, void *arg,
347 struct audit_priv * priv)
349 int size = 1; //one record in log per operation.
354 extern int mds_alloc_inode_ids(struct obd_device *, struct inode *,
355 void *, struct lustre_id *, struct lustre_id *);
357 static int smfs_start_audit(struct super_block *sb, void *arg,
358 struct audit_priv * audit_p)
360 struct smfs_super_info * smb = S2SMI(sb);
361 struct fsfilt_operations * fsfilt = smb->sm_fsfilt;
362 struct obd_device *obd = arg;
368 //is plugin already activated
369 if (SMFS_IS(smb->plg_flags, SMFS_PLG_AUDIT))
372 rc = audit_start_transferd();
374 CERROR("can't start audit transfer daemon. rc:%d\n", rc);
378 if (obd && obd->obd_type && obd->obd_type->typ_name) {
379 if (!strcmp(obd->obd_type->typ_name, "mds")) {
380 CDEBUG(D_INODE, "Setup MDS audit handler\n");
381 audit_mds_setup(obd, sb, audit_p);
383 else if (!strcmp(obd->obd_type->typ_name, "obdfilter")) {
384 CDEBUG(D_INODE, "Setup OST audit handler\n");
385 audit_ost_setup(obd, sb, audit_p);
388 CDEBUG(D_INODE, "Unknown obd type %s\n",
389 obd->obd_type->typ_name);
393 //read fs audit settings if any
394 audit_p->a_mask = AUDIT_OFF;
396 f = filp_open(AUDIT_ATTR_FILE, O_RDONLY, 0644);
399 rc = fsfilt->fs_read_record(f, &audit_p->a_mask,
400 sizeof(audit_p->a_mask), &off);
402 CERROR("error reading audit setting: rc = %d\n", rc);
407 SMFS_SET(smb->plg_flags, SMFS_PLG_AUDIT);
412 int smfs_stop_audit(struct super_block *sb, void *arg,
413 struct audit_priv * audit_p)
415 struct smfs_super_info * smb = S2SMI(sb);
416 struct llog_ctxt *ctxt = audit_p->audit_ctxt;
419 if (!SMFS_IS(smb->plg_flags, SMFS_PLG_AUDIT))
422 audit_stop_transferd();
424 SMFS_CLEAR(smb->plg_flags, SMFS_PLG_AUDIT);
427 ctxt->loc_llogs->llog_ctxt[LLOG_AUDIT_ORIG_CTXT] = NULL;
429 llog_catalog_cleanup(ctxt);
430 OBD_FREE(ctxt, sizeof(*ctxt));
431 audit_p->audit_ctxt = NULL;
436 int smfs_audit_set_info(struct super_block *sb, void *arg,
437 struct audit_priv *priv) {
438 struct plg_info_msg * msg = arg;
439 if (KEY_IS(msg->key, "id2name")) {
440 priv->au_id2name = msg->val;
446 typedef int (*audit_helper)(struct super_block * sb, void *msg, struct audit_priv *);
447 static audit_helper smfs_audit_helpers[PLG_HELPER_MAX] = {
448 [PLG_START] smfs_start_audit,
449 [PLG_STOP] smfs_stop_audit,
450 [PLG_TRANS_SIZE] smfs_trans_audit,
451 [PLG_TEST_INODE] NULL,
452 [PLG_SET_INODE] NULL,
453 [PLG_SET_INFO] smfs_audit_set_info,
456 static int smfs_audit_help_op(int code, struct super_block * sb,
457 void * arg, void * priv)
461 if (smfs_audit_helpers[code])
462 rc = smfs_audit_helpers[code](sb, arg, (struct audit_priv *) priv);
466 static int smfs_exit_audit(struct super_block *sb,
469 struct audit_priv * priv = arg;
470 struct smfs_plugin * plg;
473 plg = smfs_deregister_plugin(sb, SMFS_PLG_AUDIT);
475 OBD_FREE(plg, sizeof(*plg));
477 CERROR("Cannot find AUDIT plugin while unregistering\n");
480 OBD_FREE(priv, sizeof(*priv));
485 int smfs_init_audit(struct super_block *sb)
488 struct audit_priv * priv = NULL;
489 struct smfs_plugin * plg = NULL;
493 OBD_ALLOC(plg, sizeof(*plg));
499 plg->plg_type = SMFS_PLG_AUDIT;
500 plg->plg_post_op = &smfs_audit_post_op;
501 plg->plg_helper = &smfs_audit_help_op;
502 plg->plg_exit = &smfs_exit_audit;
504 OBD_ALLOC(priv, sizeof(*priv));
510 plg->plg_private = priv;
511 rc = smfs_register_plugin(sb, plg);
516 OBD_FREE(priv, sizeof(*priv));
519 OBD_FREE(plg, sizeof(*plg));
525 int audit_client_log(struct super_block * sb, struct audit_msg * msg)
527 struct smfs_super_info * smb = S2SMI(sb);
528 char *buffer = NULL, *pbuf = NULL;
529 struct audit_record * rec = NULL;
530 struct llog_rec_hdr * llh;
531 struct llog_handle * ll_handle = NULL;
533 struct timeval cur_time;
535 struct audit_priv * priv;
539 do_gettimeofday(&cur_time);
541 priv = smfs_get_plg_priv(smb, SMFS_PLG_AUDIT);
545 ll_handle = priv->audit_ctxt->loc_handle;
547 OBD_ALLOC(buffer, PAGE_SIZE);
552 llh->lrh_type = SMFS_AUDIT_GEN_REC;
553 pbuf = buffer + sizeof(*llh);
557 rec->opcode = msg->code;
558 rec->result = msg->result;
562 rec->time = cur_time.tv_sec * USEC_PER_SEC + cur_time.tv_usec;
563 pbuf += sizeof(*rec);
571 len = audit_rec_from_id(&pbuf, &msg->id);
574 CERROR("Unknown code %i in audit_msg\n", msg->code);
577 llh->lrh_len = size_round(len);
579 rc = llog_cat_add_rec(ll_handle, llh, NULL, (void*)rec, NULL, NULL);
581 CERROR("Error adding audit client record: %d\n", rc);
584 audit_notify(ll_handle, priv->au_id2name);
587 OBD_FREE(buffer, PAGE_SIZE);