From 7d1bcfc99c393367093c903f95a5e365881b7989 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 22 Jun 2018 12:15:30 +0800
Subject: [PATCH 1/3] Make sure that vfs*audit modules recognize and accept all
 the syslog facilities.

---
 source3/modules/vfs_audit.c      | 34 +++++++++++++++++++++++-----------
 source3/modules/vfs_extd_audit.c | 34 +++++++++++++++++++++++-----------
 source3/modules/vfs_full_audit.c | 34 +++++++++++++++++++++++-----------
 3 files changed, 69 insertions(+), 33 deletions(-)

diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c
index 12477d5b01f..4f9d16c452e 100644
--- a/source3/modules/vfs_audit.c
+++ b/source3/modules/vfs_audit.c
@@ -33,16 +33,28 @@
 static int audit_syslog_facility(vfs_handle_struct *handle)
 {
 	static const struct enum_list enum_log_facilities[] = {
-		{ LOG_USER, "USER" },
-		{ LOG_LOCAL0, "LOCAL0" },
-		{ LOG_LOCAL1, "LOCAL1" },
-		{ LOG_LOCAL2, "LOCAL2" },
-		{ LOG_LOCAL3, "LOCAL3" },
-		{ LOG_LOCAL4, "LOCAL4" },
-		{ LOG_LOCAL5, "LOCAL5" },
-		{ LOG_LOCAL6, "LOCAL6" },
-		{ LOG_LOCAL7, "LOCAL7" },
-		{ -1, NULL}
+		{ LOG_AUTH,	"AUTH" },
+		{ LOG_CRON,	"CRON" },
+		{ LOG_DAEMON,	"DAEMON" },
+		{ LOG_FTP,	"FTP" },
+		{ LOG_KERN,	"KERN" },
+		{ LOG_LPR,	"LPR" },
+		{ LOG_MAIL,	"MAIL" },
+		{ LOG_NEWS,	"NEWS" },
+		{ LOG_NTP,	"NTP" },
+		{ LOG_SECURITY,	"SECURITY" },
+		{ LOG_SYSLOG,	"SYSLOG" },
+		{ LOG_USER,	"USER" },
+		{ LOG_UUCP,	"UUCP" },
+		{ LOG_LOCAL0,	"LOCAL0" },
+		{ LOG_LOCAL1,	"LOCAL1" },
+		{ LOG_LOCAL2,	"LOCAL2" },
+		{ LOG_LOCAL3,	"LOCAL3" },
+		{ LOG_LOCAL4,	"LOCAL4" },
+		{ LOG_LOCAL5,	"LOCAL5" },
+		{ LOG_LOCAL6,	"LOCAL6" },
+		{ LOG_LOCAL7,	"LOCAL7" },
+		{ -1,		NULL }
 	};
 
 	int facility;
@@ -64,7 +76,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
 		{ LOG_NOTICE, "NOTICE" },
 		{ LOG_INFO, "INFO" },
 		{ LOG_DEBUG, "DEBUG" },
-		{ -1, NULL}
+		{ -1, NULL }
 	};
 
 	int priority;
diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
index 7d1fe273978..5307569a010 100644
--- a/source3/modules/vfs_extd_audit.c
+++ b/source3/modules/vfs_extd_audit.c
@@ -36,16 +36,28 @@ static int vfs_extd_audit_debug_level = DBGC_VFS;
 static int audit_syslog_facility(vfs_handle_struct *handle)
 {
 	static const struct enum_list enum_log_facilities[] = {
-		{ LOG_USER, "USER" },
-		{ LOG_LOCAL0, "LOCAL0" },
-		{ LOG_LOCAL1, "LOCAL1" },
-		{ LOG_LOCAL2, "LOCAL2" },
-		{ LOG_LOCAL3, "LOCAL3" },
-		{ LOG_LOCAL4, "LOCAL4" },
-		{ LOG_LOCAL5, "LOCAL5" },
-		{ LOG_LOCAL6, "LOCAL6" },
-		{ LOG_LOCAL7, "LOCAL7" },
-		{ -1, NULL}
+		{ LOG_AUTH,	"AUTH" },
+		{ LOG_CRON,	"CRON" },
+		{ LOG_DAEMON,	"DAEMON" },
+		{ LOG_FTP,	"FTP" },
+		{ LOG_KERN,	"KERN" },
+		{ LOG_LPR,	"LPR" },
+		{ LOG_MAIL,	"MAIL" },
+		{ LOG_NEWS,	"NEWS" },
+		{ LOG_NTP,	"NTP" },
+		{ LOG_SECURITY,	"SECURITY" },
+		{ LOG_SYSLOG,	"SYSLOG" },
+		{ LOG_USER,	"USER" },
+		{ LOG_UUCP,	"UUCP" },
+		{ LOG_LOCAL0,	"LOCAL0" },
+		{ LOG_LOCAL1,	"LOCAL1" },
+		{ LOG_LOCAL2,	"LOCAL2" },
+		{ LOG_LOCAL3,	"LOCAL3" },
+		{ LOG_LOCAL4,	"LOCAL4" },
+		{ LOG_LOCAL5,	"LOCAL5" },
+		{ LOG_LOCAL6,	"LOCAL6" },
+		{ LOG_LOCAL7,	"LOCAL7" },
+		{ -1,		NULL }
 	};
 
 	int facility;
@@ -67,7 +79,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
 		{ LOG_NOTICE, "NOTICE" },
 		{ LOG_INFO, "INFO" },
 		{ LOG_DEBUG, "DEBUG" },
-		{ -1, NULL}
+		{ -1, NULL }
 	};
 
 	int priority;
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index a205007f46f..a52af4b5740 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -357,16 +357,28 @@ static struct {
 static int audit_syslog_facility(vfs_handle_struct *handle)
 {
 	static const struct enum_list enum_log_facilities[] = {
-		{ LOG_USER, "USER" },
-		{ LOG_LOCAL0, "LOCAL0" },
-		{ LOG_LOCAL1, "LOCAL1" },
-		{ LOG_LOCAL2, "LOCAL2" },
-		{ LOG_LOCAL3, "LOCAL3" },
-		{ LOG_LOCAL4, "LOCAL4" },
-		{ LOG_LOCAL5, "LOCAL5" },
-		{ LOG_LOCAL6, "LOCAL6" },
-		{ LOG_LOCAL7, "LOCAL7" },
-		{ -1, NULL}
+		{ LOG_AUTH,	"AUTH" },
+		{ LOG_CRON,	"CRON" },
+		{ LOG_DAEMON,	"DAEMON" },
+		{ LOG_FTP,	"FTP" },
+		{ LOG_KERN,	"KERN" },
+		{ LOG_LPR,	"LPR" },
+		{ LOG_MAIL,	"MAIL" },
+		{ LOG_NEWS,	"NEWS" },
+		{ LOG_NTP,	"NTP" },
+		{ LOG_SECURITY,	"SECURITY" },
+		{ LOG_SYSLOG,	"SYSLOG" },
+		{ LOG_USER,	"USER" },
+		{ LOG_UUCP,	"UUCP" },
+		{ LOG_LOCAL0,	"LOCAL0" },
+		{ LOG_LOCAL1,	"LOCAL1" },
+		{ LOG_LOCAL2,	"LOCAL2" },
+		{ LOG_LOCAL3,	"LOCAL3" },
+		{ LOG_LOCAL4,	"LOCAL4" },
+		{ LOG_LOCAL5,	"LOCAL5" },
+		{ LOG_LOCAL6,	"LOCAL6" },
+		{ LOG_LOCAL7,	"LOCAL7" },
+		{ -1,		NULL }
 	};
 
 	int facility;
@@ -387,7 +399,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
 		{ LOG_NOTICE, "NOTICE" },
 		{ LOG_INFO, "INFO" },
 		{ LOG_DEBUG, "DEBUG" },
-		{ -1, NULL}
+		{ -1, NULL }
 	};
 
 	int priority;
-- 
2.16.3


From b98fc517251ad25b695ef64453ffe3eaaffed5d8 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 22 Jun 2018 12:19:42 +0800
Subject: [PATCH 2/3] Make "none" is the default setting for the successful and
 failed operations in the vfs_full_audit, so you don't blow up your server by
 just adding this module to the configuration.

---
 source3/modules/vfs_full_audit.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index a52af4b5740..bc40c8137dc 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -624,6 +624,7 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
 			 const char *svc, const char *user)
 {
 	int result;
+	const char *none[] = { "none" };
 	struct vfs_full_audit_private_data *pd = NULL;
 
 	result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
@@ -663,10 +664,10 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
 
 	pd->success_ops = init_bitmap(
 		pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
-					"success", NULL));
+					"success", none));
 	pd->failure_ops = init_bitmap(
 		pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
-					"failure", NULL));
+					"failure", none));
 
 	/* Store the private data. */
 	SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
-- 
2.16.3


From e25f3a6cfc284737d8df941686f6629568763103 Mon Sep 17 00:00:00 2001
From: "Timur I. Bakeyev" <timur@iXsystems.com>
Date: Fri, 22 Jun 2018 12:36:07 +0800
Subject: [PATCH 3/3] Document that vfs_full_audit defaults are "none" for the
 successful and failed operations.

---
 docs-xml/manpages/vfs_full_audit.8.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index cefe66d8b6f..ac8473f9990 100644
--- a/docs-xml/manpages/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -164,7 +164,7 @@
 		<para>LIST is a list of VFS operations that should be
 		recorded if they succeed. Operations are specified using
 		the names listed above. Operations can be unset by prefixing
-		the names with "!". The default is all operations.
+		the names with "!". The default is none operations.
 		</para>
 
 		</listitem>
@@ -176,7 +176,7 @@
 		<para>LIST is a list of VFS operations that should be
 		recorded if they failed. Operations are specified using
 		the names listed above. Operations can be unset by prefixing
-		the names with "!". The default is all operations.
+		the names with "!". The default is none operations.
 		</para>
 
 		</listitem>
-- 
2.16.3