From 84be9587a7a94debfa0854fec1a32decd8ad6857 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 9 Nov 2025 11:19:03 +0100 Subject: [PATCH] vfs: Remove audit_file function Added in 2012 with 0dc3f423d25d3a, but I could not find any user of that call. Signed-off-by: Volker Lendecke Reviewed-by: Anoop C S --- docs-xml/manpages/vfs_full_audit.8.xml | 1 - examples/VFS/skel_opaque.c | 10 --------- examples/VFS/skel_transparent.c | 14 ------------- source3/include/vfs.h | 17 +-------------- source3/include/vfs_macros.h | 5 ----- source3/modules/vfs_default.c | 10 --------- source3/modules/vfs_full_audit.c | 24 --------------------- source3/modules/vfs_glusterfs.c | 1 - source3/modules/vfs_not_implemented.c | 11 ---------- source3/modules/vfs_time_audit.c | 29 -------------------------- source3/smbd/vfs.c | 14 ------------- 11 files changed, 1 insertion(+), 135 deletions(-) diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml index 59e72e19091..90989fbabf4 100644 --- a/docs-xml/manpages/vfs_full_audit.8.xml +++ b/docs-xml/manpages/vfs_full_audit.8.xml @@ -39,7 +39,6 @@ aio_force - audit_file brl_lock_windows brl_unlock_windows chdir diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index 7d0e6e8ff6d..b5d688edcad 100644 --- a/examples/VFS/skel_opaque.c +++ b/examples/VFS/skel_opaque.c @@ -922,15 +922,6 @@ static bool skel_aio_force(struct vfs_handle_struct *handle, return false; } -static NTSTATUS skel_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - static NTSTATUS skel_durable_cookie(struct vfs_handle_struct *handle, struct files_struct *fsp, TALLOC_CTX *mem_ctx, @@ -1048,7 +1039,6 @@ static struct vfs_fn_pointers skel_opaque_fns = { .parent_pathname_fn = skel_parent_pathname, .fsctl_fn = skel_fsctl, .freaddir_attr_fn = skel_freaddir_attr, - .audit_file_fn = skel_audit_file, /* DOS attributes. */ .get_dos_attributes_send_fn = skel_get_dos_attributes_send, diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c index bcc59cc10bc..5564f07a7a5 100644 --- a/examples/VFS/skel_transparent.c +++ b/examples/VFS/skel_transparent.c @@ -1219,19 +1219,6 @@ static bool skel_aio_force(struct vfs_handle_struct *handle, return SMB_VFS_NEXT_AIO_FORCE(handle, fsp); } -static NTSTATUS skel_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied) -{ - return SMB_VFS_NEXT_AUDIT_FILE(handle, - file, - sacl, - access_requested, - access_denied); -} - static NTSTATUS skel_durable_cookie(struct vfs_handle_struct *handle, struct files_struct *fsp, TALLOC_CTX *mem_ctx, @@ -1362,7 +1349,6 @@ static struct vfs_fn_pointers skel_transparent_fns = { .parent_pathname_fn = skel_parent_pathname, .fsctl_fn = skel_fsctl, .freaddir_attr_fn = skel_freaddir_attr, - .audit_file_fn = skel_audit_file, /* DOS attributes. */ .get_dos_attributes_send_fn = skel_get_dos_attributes_send, diff --git a/source3/include/vfs.h b/source3/include/vfs.h index c4320d8ed7e..e99d84e36f8 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -395,6 +395,7 @@ * Change to Version 52 - will ship with 4.24 * Version 52 - Add rename_stream * Version 52 - Remove connectpath + * Version 52 - Remove audit_file */ #define SMB_VFS_INTERFACE_VERSION 51 @@ -1289,12 +1290,6 @@ struct vfs_fn_pointers { uint32_t security_info_sent, const struct security_descriptor *psd); - NTSTATUS (*audit_file_fn)(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied); - /* POSIX ACL operations. */ SMB_ACL_T (*sys_acl_get_fd_fn)(struct vfs_handle_struct *handle, @@ -1812,11 +1807,6 @@ NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd); -NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied); int smb_vfs_call_chmod_acl(struct vfs_handle_struct *handle, const struct smb_filename *file, mode_t mode); @@ -2288,11 +2278,6 @@ int vfs_not_implemented_fsetxattr(vfs_handle_struct *handle, struct files_struct int flags); bool vfs_not_implemented_aio_force(struct vfs_handle_struct *handle, struct files_struct *fsp); -NTSTATUS vfs_not_implemented_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied); NTSTATUS vfs_not_implemented_durable_cookie(struct vfs_handle_struct *handle, struct files_struct *fsp, TALLOC_CTX *mem_ctx, diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index 56983de6661..4c98862f039 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -510,11 +510,6 @@ #define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, mem_ctx, ppdesc) \ smb_vfs_call_fget_nt_acl((handle)->next, (fsp), (security_info), (mem_ctx), (ppdesc)) -#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \ - smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl), (access_requested), (access_denied)) -#define SMB_VFS_NEXT_AUDIT_FILE(handle, name, sacl, access_requested, access_denied) \ - smb_vfs_call_audit_file((handle)->next, (name), (sacl), (access_requested), (access_denied)) - #define SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd) \ smb_vfs_call_fset_nt_acl((fsp)->conn->vfs_handles, (fsp), (security_info_sent), (psd)) #define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd) \ diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 93212066425..71f21b5d1fc 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -3512,15 +3512,6 @@ static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp return result; } -static NTSTATUS vfswrap_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied) -{ - return NT_STATUS_OK; /* Nothing to do here ... */ -} - static SMB_ACL_T vfswrap_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_TYPE_T type, @@ -4119,7 +4110,6 @@ static struct vfs_fn_pointers vfs_default_fns = { .fget_nt_acl_fn = vfswrap_fget_nt_acl, .fset_nt_acl_fn = vfswrap_fset_nt_acl, - .audit_file_fn = vfswrap_audit_file, /* POSIX ACL operations. */ diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 8bd72f93533..dd05a86e257 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -192,7 +192,6 @@ typedef enum _vfs_op_type { SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_OP_FSET_NT_ACL, - SMB_VFS_OP_AUDIT_FILE, /* POSIX ACL operations. */ @@ -322,7 +321,6 @@ static struct { { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" }, { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" }, { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" }, - { SMB_VFS_OP_AUDIT_FILE, "audit_file" }, { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" }, { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" }, { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" }, @@ -2562,27 +2560,6 @@ static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_stru return result; } -static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied) -{ - NTSTATUS result; - - result = SMB_VFS_NEXT_AUDIT_FILE(handle, - file, - sacl, - access_requested, - access_denied); - - do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle, - "%s", - smb_fname_str_do_log(handle->conn, file)); - - return result; -} - static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_TYPE_T type, @@ -3001,7 +2978,6 @@ static struct vfs_fn_pointers vfs_full_audit_fns = { .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes, .fget_nt_acl_fn = smb_full_audit_fget_nt_acl, .fset_nt_acl_fn = smb_full_audit_fset_nt_acl, - .audit_file_fn = smb_full_audit_audit_file, .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd, .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd, .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd, diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 3f3a4f61994..0fabb9a7e08 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -2641,7 +2641,6 @@ static struct vfs_fn_pointers glusterfs_fns = { /* NT ACL Operations */ .fget_nt_acl_fn = NULL, .fset_nt_acl_fn = NULL, - .audit_file_fn = NULL, /* Posix ACL Operations */ .sys_acl_get_fd_fn = posixacl_xattr_acl_get_fd, diff --git a/source3/modules/vfs_not_implemented.c b/source3/modules/vfs_not_implemented.c index 38a5ee1825b..20ee1ff4658 100644 --- a/source3/modules/vfs_not_implemented.c +++ b/source3/modules/vfs_not_implemented.c @@ -1014,16 +1014,6 @@ bool vfs_not_implemented_aio_force(struct vfs_handle_struct *handle, return false; } -_PUBLIC_ -NTSTATUS vfs_not_implemented_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - _PUBLIC_ NTSTATUS vfs_not_implemented_durable_cookie(struct vfs_handle_struct *handle, struct files_struct *fsp, @@ -1144,7 +1134,6 @@ static struct vfs_fn_pointers vfs_not_implemented_fns = { .parent_pathname_fn = vfs_not_implemented_parent_pathname, .fsctl_fn = vfs_not_implemented_fsctl, .freaddir_attr_fn = vfs_not_implemented_freaddir_attr, - .audit_file_fn = vfs_not_implemented_audit_file, /* DOS attributes. */ .get_dos_attributes_send_fn = vfs_not_implemented_get_dos_attributes_send, diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c index a4b04aa020f..3ff87a2a414 100644 --- a/source3/modules/vfs_time_audit.c +++ b/source3/modules/vfs_time_audit.c @@ -2320,34 +2320,6 @@ static NTSTATUS smb_time_audit_fset_nt_acl(vfs_handle_struct *handle, return result; } -static NTSTATUS smb_time_audit_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *smb_fname, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied) -{ - NTSTATUS result; - struct timespec ts1,ts2; - double timediff; - - clock_gettime_mono(&ts1); - result = SMB_VFS_NEXT_AUDIT_FILE(handle, - smb_fname, - sacl, - access_requested, - access_denied); - clock_gettime_mono(&ts2); - timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9; - - if (timediff > audit_timeout) { - smb_time_audit_log_fname("audit_file", - timediff, - smb_fname->base_name); - } - - return result; -} - static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_TYPE_T type, @@ -2789,7 +2761,6 @@ static struct vfs_fn_pointers vfs_time_audit_fns = { .fset_dos_attributes_fn = smb_time_fset_dos_attributes, .fget_nt_acl_fn = smb_time_audit_fget_nt_acl, .fset_nt_acl_fn = smb_time_audit_fset_nt_acl, - .audit_file_fn = smb_time_audit_audit_file, .sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd, .sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd, .sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd, diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 7c5f141b3db..328df11d6af 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -2485,20 +2485,6 @@ NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle, psd); } -NTSTATUS smb_vfs_call_audit_file(struct vfs_handle_struct *handle, - struct smb_filename *file, - struct security_acl *sacl, - uint32_t access_requested, - uint32_t access_denied) -{ - VFS_FIND(audit_file); - return handle->fns->audit_file_fn(handle, - file, - sacl, - access_requested, - access_denied); -} - SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_ACL_TYPE_T type, -- 2.47.3