156031 – Samba full_audit options do not limit logging

Bug 156031 - Samba full_audit options do not limit logging

Summary: Samba full_audit options do not limit logging

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	samba
Sub Component:
Version:	4
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jay Fenlason
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-04-26 19:25 UTC by James J. Moore
Modified:	2014-08-31 23:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:	3.0.23a
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-01-22 16:27:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description James J. Moore 2005-04-26 19:25:19 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050417 Fedora/1.7.7-1.3.1

Description of problem:
When activating the full_audit vfs module on a Samba share and specifying user actions to log as options to full_audit, it ignores the options specified and logs all user actions when the user connects using a GUI file browser such as Windows Explorer or Nautilus.  On the other hand, when the user connects via smbclient or mounts the share with smbmount and performs actions on the command line, only the actions specified in the options to full_audit are logged.

Version-Release number of selected component (if applicable):
samba-3.0.10-1.fc3

How reproducible:
Always

Steps to Reproduce:
1.  Create a Samba share definition in /etc/samba/smb.conf.  Include the following (for example):
    vfs objects = full_audit
    full_audit:prefix = %u|%m
    full_audit:success = write rename
    full_audit:failure = connect mkdir rmdir write open unlink rename

2.  Set Samba logging level to 2 or higher.
3.  Reload Samba.
4.  Connect to the created share by mapping a drive from a Windows client or by mounting the share on a Linux client using smbmount or mount.cifs.
5.  Navigate the shared filesystem using Windows Explorer or Nautilus.
  

Actual Results:  The audit log contained entries such as the following:
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|chdir|ok|chdir|/opt/common/corp
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|.
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|.
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail
(No such file or directory)|*
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|fail
(No such file or directory)|*
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|opendir|ok|./
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|readdir|ok|
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|closedir|ok|
Apr 18 08:07:44 dummy-eth0 smbd_audit: WORKGROUP+dummy_me|192.168.0.1|stat|ok|./.


Expected Results:  Given the full_audit options specified for the share, none of these entries should have appeared in the audit log.

Additional info:

Comment 1 James J. Moore 2005-04-26 19:26:37 UTC

NOTE:  This is meant to replace bug 145222.

Comment 2 James J. Moore 2005-07-18 17:20:07 UTC

This bug found on Fedora Core 4, samba-3.0.14a-2

Comment 3 Christian Iseli 2007-01-22 10:17:12 UTC

This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.

Comment 4 James J. Moore 2007-01-22 16:27:23 UTC

Testing with recent Samba versions in fc5 no longer shows the behavior 
originally reported.  Works much better now.

Note You need to log in before you can comment on or make changes to this bug.