- rc code is not failure is > 0

- only files on OSS should be audited - audit_fill_id_rec is valid only on mds. Moved to mds_audit.c - audit_ost_get_id() gets lustre id for OSS object for audit log

- rc code is not failure is > 0
- only files on OSS should be audited - audit_fill_id_rec is valid only on mds. Moved to mds_audit.c - audit_ost_get_id() gets lustre id for OSS object for audit log
db5f92d5 · Mikhail Pershin · 5dda77b4 · db5f92d5 · db5f92d5 · db5f92d5
Commit db5f92d5 authored 19 years ago by Mikhail Pershin
--- a/lustre/llite/llite_audit.c
+++ b/lustre/llite/llite_audit.c
@@ -71,7 +71,7 @@ int ll_check_audit(struct inode * inode, audit_op op, int ret)
                return 0;
        //if audit is only for failures?
-        if (!ret && IS_AUDIT_OP(mask, AUDIT_FAIL))
+        if (ret >= 0 && IS_AUDIT_OP(mask, AUDIT_FAIL))
                return 0;
        return (IS_AUDIT_OP(mask,op));

--- a/lustre/smfs/audit.c
+++ b/lustre/smfs/audit.c
@@ -123,12 +123,13 @@ struct inode * get_inode_from_hook(hook_op hook, void * msg)
        return inode;
 }
+/* is called also from fsfilt_smfs_get_info */
 int smfs_get_audit(struct super_block * sb, struct inode * parent,
                   struct inode * inode,  __u64 * mask)
 {
        struct smfs_super_info * smb = S2SMI(sb);
        struct fsfilt_operations *fsfilt = smb->sm_fsfilt;
+        struct obd_device * obd = smb->smsi_exp->exp_obd;
        int rc;
        struct audit_priv * priv = NULL;
@@ -139,7 +140,7 @@ int smfs_get_audit(struct super_block * sb, struct inode * parent,
        priv = smfs_get_plg_priv(S2SMI(sb), SMFS_PLG_AUDIT);
-        //omit __iopen__ dir
+        /* omit __iopen__ dir */
        if (parent->i_ino == SMFS_IOPEN_INO)
                RETURN(-ENOENT);
@@ -147,16 +148,20 @@ int smfs_get_audit(struct super_block * sb, struct inode * parent,
                RETURN(-ENOENT);
        if (IS_AUDIT(priv->a_mask)) {
+                /* no audit for directories on OSS */
+                if (inode && S_ISDIR(inode->i_mode) &&
+                    !strcmp(obd->obd_type->typ_name, OBD_FILTER_DEVICENAME))
+                        RETURN(-EINVAL);
                (*mask) = priv->a_mask;
                RETURN(0);
        }
-        //get inode audit EA
+        /* get inode audit EA */
        rc = fsfilt->fs_get_xattr(parent, AUDIT_ATTR_EA,
                                  mask, sizeof(*mask));
        if (rc <= 0)
                RETURN(-ENODATA);
-        //check if parent has audit
+        /* check if parent has audit */
        if (IS_AUDIT(*mask))
                RETURN(0);
@@ -527,6 +532,8 @@ int audit_client_log(struct super_block * sb, struct audit_msg * msg)
        //char name[32];
        struct audit_priv * priv;
+        ENTRY;
        do_gettimeofday(&cur_time);
        priv = smfs_get_plg_priv(smb, SMFS_PLG_AUDIT);

--- a/lustre/smfs/audit_mds.c
+++ b/lustre/smfs/audit_mds.c
@@ -40,6 +40,29 @@
 #include <linux/lustre_audit.h>
 #include "smfs_internal.h"
+static inline int audit_fill_id_rec (char **pbuf, struct inode * inode)
+{
+        struct fsfilt_operations *fsfilt = I2FOPS(inode);
+        struct audit_id_record * rec = (void*)(*pbuf);
+        int len = sizeof(*rec);
+        struct lustre_fid fid;
+        int rc = 0;
+        rec->au_num = inode->i_ino;
+        rec->au_type = (S_IFMT & inode->i_mode);
+        rec->au_gen = inode->i_generation;
+        //fid & mdsnum
+        rc = fsfilt->fs_get_md(I2CI(inode), &fid, sizeof(fid), EA_SID);
+        if (rc > 0) {
+                rec->au_fid = fid.lf_id;
+                rec->au_mds = fid.lf_group;
+        }
+        *pbuf += len;
+        return len;
+}
 int static audit_mds_create_rec(struct inode * parent, void * arg,
                                struct audit_priv * priv, char * buffer,
                                __u32 * type)

--- a/lustre/smfs/audit_ost.c
+++ b/lustre/smfs/audit_ost.c
@@ -40,6 +40,16 @@
 #include <linux/lustre_audit.h>
 #include "smfs_internal.h"
+static int audit_ost_get_id(struct inode * inode, struct lustre_id * id) 
+{
+        struct fsfilt_operations *fsfilt = S2SMI(inode->i_sb)->sm_fsfilt;
+        ENTRY;
+        if(fsfilt->fs_get_md(inode, id, sizeof(*id), EA_SID) <= 0)
+                RETURN(-ENODATA);
+        RETURN(0);        
+}
 static int audit_ost_create_rec(struct inode * parent, void * arg,
                                struct audit_priv * priv, char * buffer,
                                __u32 * type)
@@ -48,11 +58,14 @@ static int audit_ost_create_rec(struct inode * parent, void * arg,
        struct audit_record * rec = (void*)buffer;
        char * pbuf = buffer + sizeof(*rec); 
        struct inode * inode = msg->dentry->d_inode;
+        struct lustre_id id;
        int len = sizeof(*rec);
-        //TODO: useless until lustre inode id is in EA
+        if (audit_ost_get_id(inode, &id) < 0) 
+                CERROR("Cannot get lustre id from object EA\n");
        rec->opcode = AUDIT_CREATE;
-        len += audit_fill_id_rec(&pbuf, inode);
+        len += audit_rec_from_id(&pbuf, &id);
        *type = SMFS_AUDIT_GEN_REC;
        return len;
 }
@@ -66,11 +79,14 @@ static int audit_ost_unlink_rec(struct inode * parent, void * arg,
        struct audit_record * rec = (void*)buffer;
        char * pbuf = buffer + sizeof(*rec);
        int len = sizeof(*rec);
+        struct lustre_id id;
-        //TODO: useless until lustre inode id is in EA
+        if (audit_ost_get_id(inode, &id) < 0) 
-        rec->opcode = AUDIT_UNLINK;                
+                CERROR("Cannot get lustre id from object EA\n");
-        len += audit_fill_id_rec(&pbuf, inode);
-        len += audit_fill_id_rec(&pbuf, parent);
+        rec->opcode = AUDIT_UNLINK;
+        len += audit_rec_from_id(&pbuf, &id);
+        //len += audit_fill_id_rec(&pbuf, parent);
        *type = SMFS_AUDIT_GEN_REC;
        return len;        
@@ -84,10 +100,13 @@ int static audit_ost_setattr_rec(struct inode * inode, void * arg,
        struct audit_record * rec = (void*)buffer;
        char * pbuf = buffer + sizeof(*rec);
        int len = sizeof(*rec);
+        struct lustre_id id;
-        //TODO: useless until lustre inode id is in EA
+        if (audit_ost_get_id(inode, &id) < 0) 
+                CERROR("Cannot get lustre id from object EA\n");
        rec->opcode = AUDIT_SETATTR;
-        len += audit_fill_id_rec(&pbuf, inode);
+        len += audit_rec_from_id(&pbuf, &id);
        *type = SMFS_AUDIT_GEN_REC;
        return len;
@@ -112,7 +131,7 @@ int static audit_ost_rw_rec(struct inode * inode, void * arg,
 static audit_get_op audit_ost_record[HOOK_MAX] = {
        [HOOK_SI_READ]      audit_ost_rw_rec,
        [HOOK_SI_WRITE]     audit_ost_rw_rec,
-        [HOOK_CREATE]       audit_ost_create_rec,
+        [HOOK_CREATE]       NULL, /* audit_ost_create_rec, */
        [HOOK_UNLINK]       audit_ost_unlink_rec,
        [HOOK_SETATTR]      audit_ost_setattr_rec,
        [HOOK_F_SETATTR]    audit_ost_setattr_rec

--- a/lustre/smfs/audit_transfer.c
+++ b/lustre/smfs/audit_transfer.c
@@ -112,7 +112,7 @@ const char *opstr[AUDIT_MAX] = {
 };
 #define construct_header(buf, size, rec, id_rec)                        \
-        snprintf(buf, size, "AUDIT:"LPU64":%u/%u:%s:%d:"DLID4":",       \
+        snprintf(buf, size, "AUDIT:"LPX64":%u/%u:%s:%d:"DLID4":",       \
        rec->nid, rec->uid, rec->gid, opstr[rec->opcode], (__s16)rec->result,\
        (unsigned long)id_rec->au_fid, (unsigned long)id_rec->au_mds, \
        (unsigned long)id_rec->au_num, (unsigned long)id_rec->au_gen);

--- a/lustre/smfs/smfs_api.h
+++ b/lustre/smfs/smfs_api.h
@@ -217,29 +217,6 @@ static inline int audit_rec_from_id (char **pbuf, struct lustre_id * id)
        return len;
 }
-static inline int audit_fill_id_rec (char **pbuf, struct inode * inode)
-{
-        struct fsfilt_operations *fsfilt = I2FOPS(inode);
-        struct audit_id_record * rec = (void*)(*pbuf);
-        int len = sizeof(*rec);
-        struct lustre_fid fid;
-        int rc = 0;
-        rec->au_num = inode->i_ino;
-        rec->au_type = (S_IFMT & inode->i_mode);
-        rec->au_gen = inode->i_generation;
-        //fid & mdsnum
-        rc = fsfilt->fs_get_md(I2CI(inode), &fid, sizeof(fid), EA_SID);
-        if (rc > 0) {
-                rec->au_fid = fid.lf_id;
-                rec->au_mds = fid.lf_group;
-        }
-        *pbuf += len;
-        return len;
-}
 static inline int audit_fill_name_rec (char **pbuf, const char * name, int nlen) 
 {
        struct audit_name_record * n_rec = (void*)(*pbuf);