struct llog_cookie *oti_logcookies;
int oti_numcookies;
int oti_flags;
+ /* save nid for security purposes like audit */
+ __u64 oti_nid;
};
static inline void oti_alloc_cookies(struct obd_trans_info *oti,int num_cookies)
int ll_audit_log (struct inode * inode, audit_op code, int ret)
{
struct audit_msg msg;
- //struct lustre_id * id = &msg.id;
struct obd_export * exp = ll_i2dtexp(inode);
int rc = 0;
msg.id = ll_i2info(inode)->lli_id;
msg.code = code;
msg.result = ret;
- msg.uid = current->fsuid;
- msg.gid = current->fsgid;
- msg.nid = 0xFEED;
+ msg.uid = current->uid;
+ msg.gid = current->gid;
+ msg.nid = 0;
rc = obd_set_info(exp, 8, "auditlog", sizeof(msg), &msg);
}
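Review bot: `struct audit_msg msg;` in `ll_audit_log` is declared without an initialiser and then handed to `obd_set_info` with `sizeof(msg)`, so any member or padding byte not assigned in the six visible stores is sent as leftover stack contents. Zeroing it first, `memset(&msg, 0, sizeof(msg));`, or using a designated initialiser as `mds_audit_stat` does in this same commit, would close that. The visible body also assigns `rc` but shows no `return rc;` before the closing brace; if nothing was elided, the `int` function falls off its end.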
#include <linux/lustre_acl.h>
#include <linux/lustre_sec.h>
#include <linux/lustre_gs.h>
-#include <linux/lustre_audit.h>
-
#include "mds_internal.h"
-extern int mds_audit_auth(struct ptlrpc_request *, struct lvfs_ucred *,
- audit_op, struct lustre_id *,
- char *, int);
-extern int mds_audit_stat(struct ptlrpc_request *, struct lustre_id *,
- struct dentry *, int);
-extern int mds_audit_open(struct ptlrpc_request *, struct mds_update_record *,
- int);
-
static int mds_intent_policy(struct ldlm_namespace *ns,
struct ldlm_lock **lockp, void *req_cookie,
ldlm_mode_t mode, int flags, void *data);
GOTO(cleanup, rc);
cleanup:
+ /* audit stuff for getattr */
+ if (resent_req == 0 && (dparent || dchild)) {
+ struct inode * au_inode = NULL;
+
+ if (dchild && dchild->d_inode)
+ au_inode = dchild->d_inode;
+ else
+ au_inode = dparent->d_inode;
+
+ mds_audit_stat(req, &body->id1, au_inode, name, namesize, rc);
+ }
switch (cleanup_phase) {
case 2:
if (resent_req == 0) {
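Review bot: The new getattr audit block can dereference a NULL `dparent`: the guard is `(dparent || dchild)`, so with a negative `dchild` (no `d_inode`) and `dparent == NULL` the `else` branch evaluates `dparent->d_inode`. A NULL `dparent->d_inode` would then trip the `LASSERT(inode)` inside `mds_audit_stat`, turning an audit path into a server assertion. I would write the fallback as `else if (dparent) au_inode = dparent->d_inode;` and call the audit only under `if (au_inode)`. Whether either pointer can still hold an `ERR_PTR` value at `cleanup:` is not visible here and is worth confirming, since the function body starts outside the hunk.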
#endif
if (dparent)
l_dput(dparent);
-
- /* audit stuff for getattr */
- if (dchild->d_inode)
- mds_audit_stat(req, &body->id1, dchild, rc);
}
l_dput(dchild);
case 1:
/* rc will be used to interrupt a for loop over multiple records */
rc = mds_reint_rec(rec, offset, req, lockh);
- /* audit stuff for OPEN */
- if (offset == 3 && rec->ur_opcode == REINT_OPEN)
- mds_audit_open(req, rec, rc);
-
- out:
+out:
mds_exit_ucred(&rec->ur_uc);
OBD_FREE(rec, sizeof(*rec));
RETURN(rc);
#include <linux/lprocfs_status.h>
#include <linux/lustre_commit_confd.h>
#include <linux/lustre_acl.h>
-#include <linux/lustre_audit.h>
#include "mds_internal.h"
int mds_audit_stat(struct ptlrpc_request *req, struct lustre_id * id,
- struct dentry * dentry, int ret)
+ struct inode *inode, char *name, int namelen, int ret)
{
struct obd_device *obd = req->rq_export->exp_obd;
- struct inode * inode = dentry->d_inode;
ptl_nid_t nid = req->rq_peer.peer_id.nid;
- struct audit_info info;
+ struct audit_info info = {
+ .name = NULL,
+ .namelen = 0,
+ };
int rc = 0, len = sizeof(info);
+
ENTRY;
LASSERT(inode);
LASSERT(id);
- memcpy(&info.m.id, id, sizeof(*id));
+ info.m.id = *id;
info.m.nid = nid;
info.m.uid = current->uid;
info.m.gid = current->gid;
info.m.result = ret;
info.m.code = AUDIT_STAT;
-
- //send info to local fs
+ if (ret) {
+ info.name = name;
+ info.namelen = namelen;
+ }
+ // send info to local fs
fsfilt_set_info(obd, inode->i_sb, inode,
10, "audit_info", len, (void*)&info);
RETURN(rc);
}
-int mds_audit_open(struct ptlrpc_request *req, struct mds_update_record * rec,
- int ret)
+int mds_audit_open(struct ptlrpc_request *req, struct lustre_id * id,
+ struct inode *inode, char *name, int namelen, int ret)
{
struct obd_device *obd = req->rq_export->exp_obd;
- struct inode * inode = NULL;
ptl_nid_t nid = req->rq_peer.peer_id.nid;
- struct audit_info info;
+ struct audit_info info = {
+ .name = NULL,
+ .namelen = 0,
+ };
int rc = 0, len = sizeof(info);
- struct dentry * dparent = NULL;
-
- dparent = mds_id2dentry(obd, rec->ur_id1, NULL);
- if (IS_ERR(dparent)) {
- rc = PTR_ERR(dparent);
- RETURN(rc);
- }
- inode = dparent->d_inode;
-
- info.m.id = *(rec->ur_id1);
+ ENTRY;
+
+ LASSERT(inode);
+ info.m.id = (*id);
info.m.nid = nid;
- info.m.uid = rec->ur_uc.luc_uid;
- info.m.gid = rec->ur_uc.luc_gid;
+ info.m.uid = current->uid;
+ info.m.gid = current->gid;
info.m.result = ret;
info.m.code = AUDIT_OPEN;
- info.name = rec->ur_name;
- info.namelen = rec->ur_namelen;
+ if (ret) {
+ info.name = name;
+ info.namelen = namelen;
+ }
- //send info to local fs
fsfilt_set_info(obd, inode->i_sb, inode,
10, "audit_info", len, (void*)&info);
-
- l_dput(dparent);
-
+
RETURN(rc);
}
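Review bot: In `mds_audit_open` the record's `info.m.uid`/`info.m.gid` now come from `current->uid`/`current->gid` instead of the request credentials `rec->ur_uc.luc_uid`/`luc_gid`, so the audit entry names whatever identity the MDS service thread runs under. Unless the thread's real uid/gid are switched to the client's before this call (not visible here), opens would be attributed to the server rather than to the requesting user; the unchanged lines of `mds_audit_stat` follow the same pattern. Passing the `struct lvfs_ucred *` in, as the `mds_audit_auth` prototype in this commit does, and filling the record from it would keep attribution tied to the request. Separately, both functions discard the result of `fsfilt_set_info` and always return 0; `rc = fsfilt_set_info(...)` would let callers notice a lost audit record.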
#define _MDS_INTERNAL_H
#include <linux/lustre_mds.h>
+#include <linux/lustre_audit.h>
#define MDS_SERVICE_WATCHDOG_TIMEOUT 30000
/* mds_audit.c */
int mds_set_audit(struct obd_device * obd, void * val);
int mds_pack_audit(struct obd_device *, struct inode *, struct mds_body *);
+int mds_audit_auth(struct ptlrpc_request *, struct lvfs_ucred *,
+ audit_op, struct lustre_id *, char *, int);
+int mds_audit_stat(struct ptlrpc_request *, struct lustre_id *,
+ struct inode *, char*, int, int);
+int mds_audit_open(struct ptlrpc_request *, struct lustre_id *,
+ struct inode *, char*, int, int);
/* mds_acl.c */
struct upcall_cache *__mds_get_global_rmtacl_upcall_cache(void);
} else if (created) {
mds_lock_new_child(obd, dchild->d_inode, NULL);
}
+ /* audit stuff for OPEN */
+ if (offset == 3 && (dchild->d_inode || dparent)) {
+ struct lustre_id au_id;
+ struct inode * au_inode = dchild->d_inode;
+
+ if (au_inode == NULL)
+ au_inode = dparent->d_inode;
+
+ if (fid)
+ mds_inode2id(obd, &au_id, au_inode, fid);
+ else
+ au_id = *(rec->ur_id1);
+ mds_audit_open(req, &au_id, au_inode,
+ rec->ur_name, rec->ur_namelen, rc);
+ }
+
l_dput(dchild);
case 1:
if (dparent == NULL)
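Review bot: `au_id` is declared uninitialised, and on the `if (fid)` path it is filled only by `mds_inode2id(obd, &au_id, au_inode, fid)`, whose result is not used. If that helper can fail (not visible here), `mds_audit_open` would log stack contents as the object id. I would start with `memset(&au_id, 0, sizeof(au_id));` and fall back to `au_id = *(rec->ur_id1);` when the helper reports an error. It is also worth a comment on what `offset == 3` selects, and on whether `fid` still describes the object when `au_inode` has fallen back to `dparent->d_inode`; the enclosing function starts outside the hunk.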
filter = &exp->exp_obd->u.filter;
push_ctxt(&saved, &exp->exp_obd->obd_lvfs_ctxt, NULL);
-
+ /* pass nid through */
+ current->user->nid = oti->oti_nid;
+
/* make sure that object is allocated. */
dentry = filter_crow_object(exp->exp_obd, oa);
if (IS_ERR(dentry))
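Review bot: `current->user->nid = oti->oti_nid;` parks a per-request value on `current->user`, which (assuming this is the kernel's per-uid `user_struct`) is shared by every task running under the same uid. Service threads handling different clients would then overwrite each other's nid between this store and the point where the audit hook reads it, so a record can be attributed to the wrong client; the value is also never reset once the request completes. The same store is added ahead of the `OBD_BRW_WRITE`/`OBD_BRW_READ` dispatch in the commitrw hunk later in this commit. Carrying the nid in per-request or per-thread state that is handed to the hook would avoid the shared write. `oti` is dereferenced here without a check, although the oti init helper in this commit tolerates `oti == NULL`; the enclosing function starts outside the hunk.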
filter_crow_object(struct obd_device *obd, struct obdo *oa)
{
struct dentry *dentry;
- obd_uid uid;
- obd_gid gid;
+ /* obd_uid uid; */
+ /* obd_gid gid; */
int rc = 0;
ENTRY;
CDEBUG(D_INODE, "OSS object "LPU64"/"LPU64
" does not exists - allocate it now\n",
oa->o_id, oa->o_gr);
-
+ /*
uid = oa->o_valid & OBD_MD_FLUID ? oa->o_uid : 0;
gid = oa->o_valid & OBD_MD_FLGID ? oa->o_gid : 0;
-
+ */
rc = filter_create_object(obd, oa);
if (rc) {
CERROR("cannot create OSS object "LPU64"/"LPU64
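Review bot: `filter_crow_object` keeps the `uid`/`gid` declarations and their `oa->o_valid` assignments as commented-out code with no reason given. The commitrw hunk later in this commit does the same with its `fsfilt_set_info(... "file_write" ...)` and `"file_read"` calls. Dead code in an ownership and audit path makes it hard to tell whether dropping it was intended, so I would delete the lines outright and leave one comment, for example `/* read/write audit is now emitted from the fsfilt map_inode_pages hooks */`. If the crow object is still supposed to receive the client's uid/gid, that should be stated or restored; the rest of the function is outside the hunk.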
}
if (keylen == 8 && memcmp(key, "auditlog", 8) == 0) {
-
rc = fsfilt_set_info(obd, obd->u.filter.fo_sb, NULL,
8, "auditlog", vallen, val);
RETURN(rc);
} else if (keylen == 5 && strcmp(key, "audit") == 0) {
- //set audit for whole FS on OSS
+ /* set audit for whole FS on OSS */
struct audit_attr_msg * msg = val;
rc = fsfilt_set_info(obd, obd->u.filter.fo_sb, NULL,
RETURN(0);
}
if (keylen >= strlen("cache_sb") && memcmp(key, "cache_sb", 8) == 0) {
- /*Get log_context handle*/
unsigned long *sb = val;
*vallen = sizeof(unsigned long);
*sb = (unsigned long)obd->u.filter.fo_sb;
struct niobuf_local *res, struct obd_trans_info *oti,int ret)
{
int rc = -EPROTO;
- struct lustre_id *id = obdo_id(oa);
- __u32 len = sizeof(*id);
- struct inode * inode = res->dentry->d_inode;
- struct super_block * sb = res->dentry->d_sb;
- struct obd_device *obd = class_exp2obd(exp);
+ /* remove that audit handlers due to fsfilt_inode_map_pages hooks
+ //struct lustre_id *id = obdo_id(oa);
+ //__u32 len = sizeof(*id);
+ //struct inode * inode = res->dentry->d_inode;
+ //struct super_block * sb = res->dentry->d_sb;
+ //struct obd_device *obd = class_exp2obd(exp);
+ */
+ current->user->nid = oti->oti_nid;
if (cmd == OBD_BRW_WRITE) {
rc = filter_commitrw_write(exp, oa, objcount, obj, niocount,
res, oti, ret);
- fsfilt_set_info(obd, sb, inode, 10, "file_write", len, (void*)id);
+ /* fsfilt_set_info(obd, sb, inode, 10, "file_write", len, (void*)id); */
}
else if (cmd == OBD_BRW_READ) {
rc = filter_commitrw_read(exp, oa, objcount, obj, niocount,
res, oti, ret);
- fsfilt_set_info(obd, sb, inode, 9, "file_read", len, (void*)id);
+ /* fsfilt_set_info(obd, sb, inode, 9, "file_read", len, (void*)id); */
}
else
LBUG();
out:
ptlrpc_req_finished(req);
RETURN(rc);
- } else if (keylen >= strlen("client_nid") &&
+ } else if (keylen == 10 &&
strcmp(key, "client_nid") == 0) {
struct ptlrpc_connection * conn;
ptl_nid_t * nid = val;
if (!conn)
RETURN(-ENOTCONN);
- nid = &conn->c_peer.peer_id.nid;
+ *nid = &conn->c_peer.peer_id.nid;
RETURN(0);
}
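Review bot: `*nid = &conn->c_peer.peer_id.nid;` stores the address of the peer nid in the caller's `ptl_nid_t` buffer instead of the nid itself, so the caller receives a kernel pointer value where it expects a network id. It should read `*nid = conn->c_peer.peer_id.nid;`. The key test also pairs an exact `keylen == 10` with `strcmp`, which reads until a NUL that a 10-byte key need not carry; `memcmp(key, "client_nid", 10) == 0` would match the `auditlog` key check elsewhere in this commit. Neither `vallen` nor the size of `val` is checked in the visible lines; the function body continues outside the hunk.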
if (oti == NULL)
return;
memset(oti, 0, sizeof *oti);
-
+ oti->oti_nid = req->rq_peer.peer_id.nid;
if (req->rq_repmsg && req->rq_reqmsg != 0)
oti->oti_transno = req->rq_repmsg->transno;
}
return AUDIT_SETATTR;
case HOOK_SI_WRITE:
+ case HOOK_WRITE:
return AUDIT_WRITE;
case HOOK_SI_READ:
+ case HOOK_READ:
return AUDIT_READ;
case HOOK_READDIR:
rec->time = cur_time.tv_sec * USEC_PER_SEC + cur_time.tv_usec;
pbuf += sizeof(*rec);
+ CDEBUG(D_VFSTRACE, "AUDITLOG:"DLID4"\n", OLID4(&msg->id));
+
switch (msg->code) {
case AUDIT_READ:
case AUDIT_WRITE:
{
case AUDIT_OPEN:
case AUDIT_CREATE:
+ case AUDIT_STAT:
if (info->name && info->namelen > 0) {
len += audit_fill_name_rec(&pbuf,
info->name,
struct audit_record * rec = (void*)buffer;
char * pbuf = buffer + sizeof(*rec);
int len = sizeof(*rec);
+ struct lustre_id id;
+
+ if (audit_ost_get_id(inode, &id) < 0)
+ CERROR("Cannot get lustre id from object EA\n");
rec->opcode = msg->write ? AUDIT_WRITE : AUDIT_READ;
- len += audit_rec_from_id(&pbuf, msg->id);
+ len += audit_rec_from_id(&pbuf, &id);
*type = SMFS_AUDIT_GEN_REC;
return len;
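Review bot: When `audit_ost_get_id(inode, &id)` fails, the new code only logs and then passes the uninitialised stack `id` to `audit_rec_from_id(&pbuf, &id)`, so the audit record carries stack contents as the object id. The failure branch should either stop before a record is emitted or clear the id first with `memset(&id, 0, sizeof(id));`, which gives a recognisable empty id in the log. The function's signature and its callers are outside the hunk, so it is not visible whether a negative return would be handled.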
static audit_get_op audit_ost_record[HOOK_MAX] = {
[HOOK_SI_READ] audit_ost_rw_rec,
[HOOK_SI_WRITE] audit_ost_rw_rec,
+ [HOOK_READ] audit_ost_rw_rec,
+ [HOOK_WRITE] audit_ost_rw_rec,
[HOOK_CREATE] NULL, /* audit_ost_create_rec, */
[HOOK_UNLINK] audit_ost_unlink_rec,
[HOOK_SETATTR] audit_ost_setattr_rec,
int namelen = 0;
REC2ID(id_rec, &id);
+
rc = audit_id2name(obd, &name, &namelen, &id);
if (rc < 0) {
strncat(buf, "unknown", PAGE_SIZE - n);
struct fsfilt_operations *cache_fsfilt = I2FOPS(inode);
struct inode *cache_inode = NULL;
int rc = -EIO;
- /*
struct hook_rw_msg msg = {
.write = create,
};
- */
+ hook_op hook = create ? HOOK_WRITE : HOOK_READ;
ENTRY;
+
if (!cache_fsfilt)
RETURN(-EINVAL);
if (!cache_fsfilt->fs_map_inode_pages)
RETURN(-ENOSYS);
+ SMFS_PRE_HOOK(inode, hook, &msg);
down(&cache_inode->i_sem);
- //SMFS_PRE_HOOK(inode, HOOK_MAP_PAGES, &msg);
rc = cache_fsfilt->fs_map_inode_pages(cache_inode, page, pages, blocks,
created, create, sem);
-
up(&cache_inode->i_sem);
+ SMFS_POST_HOOK(inode, hook, &msg, rc);
RETURN(rc);
}
OBD_FREE(smb->smsi_cache_ftype, strlen(typestr) + 1);
err_umount_cache:
mntput(mnt);
-err_out:
+
return err;
}