2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir create_file
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|/tmp
42 * smbd_audit: nobody|192.168.234.1|create_file|fail (No such file or directory)|0x1|file|open|/ts/doesNotExist
43 * smbd_audit: nobody|192.168.234.1|open|ok|w|/tmp/file.txt
44 * smbd_audit: nobody|192.168.234.1|create_file|ok|0x3|file|open|/tmp/file.txt
46 * where "nobody" is the connected username and "192.168.234.1" is the
47 * client's IP address.
51 * prefix: A macro expansion template prepended to the syslog entry.
53 * success: A list of VFS operations for which a successful completion should
54 * be logged. Defaults to no logging at all. The special operation "all" logs
55 * - you guessed it - everything.
57 * failure: A list of VFS operations for which failure to complete should be
58 * logged. Defaults to logging everything.
63 #include "system/filesys.h"
64 #include "system/syslog.h"
65 #include "smbd/smbd.h"
66 #include "../librpc/gen_ndr/ndr_netlogon.h"
69 #include "lib/param/loadparm.h"
70 #include "lib/util/bitmap.h"
71 #include "lib/util/tevent_unix.h"
72 #include "libcli/security/sddl.h"
73 #include "passdb/machine_sid.h"
74 #include "lib/util/tevent_ntstatus.h"
76 static int vfs_full_audit_debug_level = DBGC_VFS;
78 struct vfs_full_audit_private_data {
79 struct bitmap *success_ops;
80 struct bitmap *failure_ops;
88 #define DBGC_CLASS vfs_full_audit_debug_level
90 typedef enum _vfs_op_type {
95 SMB_VFS_OP_CONNECT = 0,
96 SMB_VFS_OP_DISCONNECT,
100 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
102 SMB_VFS_OP_FS_CAPABILITIES,
103 SMB_VFS_OP_GET_DFS_REFERRALS,
105 /* Directory operations */
108 SMB_VFS_OP_FDOPENDIR,
112 SMB_VFS_OP_REWINDDIR,
116 /* File operations */
119 SMB_VFS_OP_CREATE_FILE,
123 SMB_VFS_OP_PREAD_SEND,
124 SMB_VFS_OP_PREAD_RECV,
127 SMB_VFS_OP_PWRITE_SEND,
128 SMB_VFS_OP_PWRITE_RECV,
134 SMB_VFS_OP_FSYNC_SEND,
135 SMB_VFS_OP_FSYNC_RECV,
139 SMB_VFS_OP_GET_ALLOC_SIZE,
149 SMB_VFS_OP_FTRUNCATE,
150 SMB_VFS_OP_FALLOCATE,
152 SMB_VFS_OP_KERNEL_FLOCK,
154 SMB_VFS_OP_LINUX_SETLEASE,
156 SMB_VFS_OP_SYMLINKAT,
157 SMB_VFS_OP_READLINKAT,
162 SMB_VFS_OP_FILE_ID_CREATE,
163 SMB_VFS_OP_FS_FILE_ID,
164 SMB_VFS_OP_STREAMINFO,
165 SMB_VFS_OP_GET_REAL_FILENAME,
166 SMB_VFS_OP_CONNECTPATH,
167 SMB_VFS_OP_BRL_LOCK_WINDOWS,
168 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
169 SMB_VFS_OP_STRICT_LOCK_CHECK,
170 SMB_VFS_OP_TRANSLATE_NAME,
172 SMB_VFS_OP_OFFLOAD_READ_SEND,
173 SMB_VFS_OP_OFFLOAD_READ_RECV,
174 SMB_VFS_OP_OFFLOAD_WRITE_SEND,
175 SMB_VFS_OP_OFFLOAD_WRITE_RECV,
176 SMB_VFS_OP_GET_COMPRESSION,
177 SMB_VFS_OP_SET_COMPRESSION,
178 SMB_VFS_OP_SNAP_CHECK_PATH,
179 SMB_VFS_OP_SNAP_CREATE,
180 SMB_VFS_OP_SNAP_DELETE,
182 /* DOS attribute operations. */
183 SMB_VFS_OP_GET_DOS_ATTRIBUTES,
184 SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
185 SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
186 SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
187 SMB_VFS_OP_SET_DOS_ATTRIBUTES,
188 SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
190 /* NT ACL operations. */
192 SMB_VFS_OP_FGET_NT_ACL,
193 SMB_VFS_OP_GET_NT_ACL,
194 SMB_VFS_OP_FSET_NT_ACL,
195 SMB_VFS_OP_AUDIT_FILE,
197 /* POSIX ACL operations. */
199 SMB_VFS_OP_SYS_ACL_GET_FILE,
200 SMB_VFS_OP_SYS_ACL_GET_FD,
201 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
202 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
203 SMB_VFS_OP_SYS_ACL_SET_FILE,
204 SMB_VFS_OP_SYS_ACL_SET_FD,
205 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
209 SMB_VFS_OP_GETXATTRAT_SEND,
210 SMB_VFS_OP_GETXATTRAT_RECV,
211 SMB_VFS_OP_FGETXATTR,
212 SMB_VFS_OP_LISTXATTR,
213 SMB_VFS_OP_FLISTXATTR,
214 SMB_VFS_OP_REMOVEXATTR,
215 SMB_VFS_OP_FREMOVEXATTR,
217 SMB_VFS_OP_FSETXATTR,
220 SMB_VFS_OP_AIO_FORCE,
222 /* offline operations */
223 SMB_VFS_OP_IS_OFFLINE,
224 SMB_VFS_OP_SET_OFFLINE,
226 /* Durable handle operations. */
227 SMB_VFS_OP_DURABLE_COOKIE,
228 SMB_VFS_OP_DURABLE_DISCONNECT,
229 SMB_VFS_OP_DURABLE_RECONNECT,
231 SMB_VFS_OP_READDIR_ATTR,
233 /* This should always be last enum value */
238 /* The following array *must* be in the same order as defined in vfs_op_type */
244 { SMB_VFS_OP_CONNECT, "connect" },
245 { SMB_VFS_OP_DISCONNECT, "disconnect" },
246 { SMB_VFS_OP_DISK_FREE, "disk_free" },
247 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
248 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
249 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
250 { SMB_VFS_OP_STATVFS, "statvfs" },
251 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
252 { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" },
253 { SMB_VFS_OP_OPENDIR, "opendir" },
254 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
255 { SMB_VFS_OP_READDIR, "readdir" },
256 { SMB_VFS_OP_SEEKDIR, "seekdir" },
257 { SMB_VFS_OP_TELLDIR, "telldir" },
258 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
259 { SMB_VFS_OP_MKDIRAT, "mkdirat" },
260 { SMB_VFS_OP_CLOSEDIR, "closedir" },
261 { SMB_VFS_OP_OPEN, "open" },
262 { SMB_VFS_OP_CREATE_FILE, "create_file" },
263 { SMB_VFS_OP_CLOSE, "close" },
264 { SMB_VFS_OP_READ, "read" },
265 { SMB_VFS_OP_PREAD, "pread" },
266 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
267 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
268 { SMB_VFS_OP_WRITE, "write" },
269 { SMB_VFS_OP_PWRITE, "pwrite" },
270 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
271 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
272 { SMB_VFS_OP_LSEEK, "lseek" },
273 { SMB_VFS_OP_SENDFILE, "sendfile" },
274 { SMB_VFS_OP_RECVFILE, "recvfile" },
275 { SMB_VFS_OP_RENAMEAT, "renameat" },
276 { SMB_VFS_OP_FSYNC, "fsync" },
277 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
278 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
279 { SMB_VFS_OP_STAT, "stat" },
280 { SMB_VFS_OP_FSTAT, "fstat" },
281 { SMB_VFS_OP_LSTAT, "lstat" },
282 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
283 { SMB_VFS_OP_UNLINKAT, "unlinkat" },
284 { SMB_VFS_OP_CHMOD, "chmod" },
285 { SMB_VFS_OP_FCHMOD, "fchmod" },
286 { SMB_VFS_OP_CHOWN, "chown" },
287 { SMB_VFS_OP_FCHOWN, "fchown" },
288 { SMB_VFS_OP_LCHOWN, "lchown" },
289 { SMB_VFS_OP_CHDIR, "chdir" },
290 { SMB_VFS_OP_GETWD, "getwd" },
291 { SMB_VFS_OP_NTIMES, "ntimes" },
292 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
293 { SMB_VFS_OP_FALLOCATE,"fallocate" },
294 { SMB_VFS_OP_LOCK, "lock" },
295 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
296 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
297 { SMB_VFS_OP_GETLOCK, "getlock" },
298 { SMB_VFS_OP_SYMLINKAT, "symlinkat" },
299 { SMB_VFS_OP_READLINKAT,"readlinkat" },
300 { SMB_VFS_OP_LINKAT, "linkat" },
301 { SMB_VFS_OP_MKNODAT, "mknodat" },
302 { SMB_VFS_OP_REALPATH, "realpath" },
303 { SMB_VFS_OP_CHFLAGS, "chflags" },
304 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
305 { SMB_VFS_OP_FS_FILE_ID, "fs_file_id" },
306 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
307 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
308 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
309 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
310 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
311 { SMB_VFS_OP_STRICT_LOCK_CHECK, "strict_lock_check" },
312 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
313 { SMB_VFS_OP_FSCTL, "fsctl" },
314 { SMB_VFS_OP_OFFLOAD_READ_SEND, "offload_read_send" },
315 { SMB_VFS_OP_OFFLOAD_READ_RECV, "offload_read_recv" },
316 { SMB_VFS_OP_OFFLOAD_WRITE_SEND, "offload_write_send" },
317 { SMB_VFS_OP_OFFLOAD_WRITE_RECV, "offload_write_recv" },
318 { SMB_VFS_OP_GET_COMPRESSION, "get_compression" },
319 { SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
320 { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
321 { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
322 { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
323 { SMB_VFS_OP_GET_DOS_ATTRIBUTES, "get_dos_attributes" },
324 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, "get_dos_attributes_send" },
325 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, "get_dos_attributes_recv" },
326 { SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" },
327 { SMB_VFS_OP_SET_DOS_ATTRIBUTES, "set_dos_attributes" },
328 { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" },
329 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
330 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
331 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
332 { SMB_VFS_OP_AUDIT_FILE, "audit_file" },
333 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
334 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
335 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
336 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
337 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
338 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
339 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
340 { SMB_VFS_OP_GETXATTR, "getxattr" },
341 { SMB_VFS_OP_GETXATTRAT_SEND, "getxattrat_send" },
342 { SMB_VFS_OP_GETXATTRAT_RECV, "getxattrat_recv" },
343 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
344 { SMB_VFS_OP_LISTXATTR, "listxattr" },
345 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
346 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
347 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
348 { SMB_VFS_OP_SETXATTR, "setxattr" },
349 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
350 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
351 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
352 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
353 { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" },
354 { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
355 { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
356 { SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
357 { SMB_VFS_OP_LAST, NULL }
360 static int audit_syslog_facility(vfs_handle_struct *handle)
362 static const struct enum_list enum_log_facilities[] = {
364 { LOG_AUTH, "AUTH" },
367 { LOG_AUTHPRIV, "AUTHPRIV" },
370 { LOG_AUDIT, "AUDIT" },
373 { LOG_CONSOLE, "CONSOLE" },
376 { LOG_CRON, "CRON" },
379 { LOG_DAEMON, "DAEMON" },
385 { LOG_INSTALL, "INSTALL" },
388 { LOG_KERN, "KERN" },
391 { LOG_LAUNCHD, "LAUNCHD" },
394 { LOG_LFMT, "LFMT" },
400 { LOG_MAIL, "MAIL" },
403 { LOG_MEGASAFE, "MEGASAFE" },
406 { LOG_NETINFO, "NETINFO" },
409 { LOG_NEWS, "NEWS" },
411 #ifdef LOG_NFACILITIES
412 { LOG_NFACILITIES, "NFACILITIES" },
420 #ifdef LOG_REMOTEAUTH
421 { LOG_REMOTEAUTH, "REMOTEAUTH" },
424 { LOG_SECURITY, "SECURITY" },
427 { LOG_SYSLOG, "SYSLOG" },
430 { LOG_USER, "USER" },
433 { LOG_UUCP, "UUCP" },
435 { LOG_LOCAL0, "LOCAL0" },
436 { LOG_LOCAL1, "LOCAL1" },
437 { LOG_LOCAL2, "LOCAL2" },
438 { LOG_LOCAL3, "LOCAL3" },
439 { LOG_LOCAL4, "LOCAL4" },
440 { LOG_LOCAL5, "LOCAL5" },
441 { LOG_LOCAL6, "LOCAL6" },
442 { LOG_LOCAL7, "LOCAL7" },
448 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
453 static int audit_syslog_priority(vfs_handle_struct *handle)
455 static const struct enum_list enum_log_priorities[] = {
456 { LOG_EMERG, "EMERG" },
457 { LOG_ALERT, "ALERT" },
458 { LOG_CRIT, "CRIT" },
460 { LOG_WARNING, "WARNING" },
461 { LOG_NOTICE, "NOTICE" },
462 { LOG_INFO, "INFO" },
463 { LOG_DEBUG, "DEBUG" },
469 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
470 enum_log_priorities, LOG_NOTICE);
471 if (priority == -1) {
472 priority = LOG_WARNING;
478 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
483 prefix = talloc_strdup(ctx,
484 lp_parm_const_string(SNUM(conn), "full_audit",
489 result = talloc_sub_advanced(ctx,
490 lp_servicename(talloc_tos(), SNUM(conn)),
491 conn->session_info->unix_info->unix_name,
493 conn->session_info->unix_token->gid,
494 conn->session_info->unix_info->sanitized_username,
495 conn->session_info->info->domain_name,
501 static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op)
503 if (pd->success_ops == NULL) {
507 return bitmap_query(pd->success_ops, op);
510 static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op)
512 if (pd->failure_ops == NULL)
515 return bitmap_query(pd->failure_ops, op);
518 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
526 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
528 DEBUG(0, ("Could not alloc bitmap -- "
529 "defaulting to logging everything\n"));
533 for (; *ops != NULL; ops += 1) {
538 if (strequal(*ops, "all")) {
539 for (i=0; i<SMB_VFS_OP_LAST; i++) {
545 if (strequal(*ops, "none")) {
555 for (i=0; i<SMB_VFS_OP_LAST; i++) {
556 if ((vfs_op_names[i].name == NULL)
557 || (vfs_op_names[i].type != i)) {
558 smb_panic("vfs_full_audit.c: name table not "
559 "in sync with vfs_op_type enums\n");
561 if (strequal(op, vfs_op_names[i].name)) {
570 if (i == SMB_VFS_OP_LAST) {
571 DEBUG(0, ("Could not find opname %s, logging all\n",
580 static const char *audit_opname(vfs_op_type op)
582 if (op >= SMB_VFS_OP_LAST)
583 return "INVALID VFS OP";
584 return vfs_op_names[op].name;
587 static TALLOC_CTX *tmp_do_log_ctx;
589 * Get us a temporary talloc context usable just for DEBUG arguments
591 static TALLOC_CTX *do_log_ctx(void)
593 if (tmp_do_log_ctx == NULL) {
594 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
596 return tmp_do_log_ctx;
599 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
600 const char *format, ...) PRINTF_ATTRIBUTE(4, 5);
602 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
603 const char *format, ...)
605 struct vfs_full_audit_private_data *pd;
607 char *audit_pre = NULL;
611 SMB_VFS_HANDLE_GET_DATA(handle, pd,
612 struct vfs_full_audit_private_data,
615 if (success && (!log_success(pd, op)))
618 if (!success && (!log_failure(pd, op)))
622 fstrcpy(err_msg, "ok");
624 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
626 va_start(ap, format);
627 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
634 audit_pre = audit_prefix(talloc_tos(), handle->conn);
640 * Specify the facility to interoperate with other syslog
641 * callers (smbd for example).
643 priority = pd->syslog_priority | pd->syslog_facility;
645 syslog(priority, "%s|%s|%s|%s\n",
646 audit_pre ? audit_pre : "",
647 audit_opname(op), err_msg, op_msg);
649 DEBUG(1, ("%s|%s|%s|%s\n",
650 audit_pre ? audit_pre : "",
651 audit_opname(op), err_msg, op_msg));
654 TALLOC_FREE(audit_pre);
656 TALLOC_FREE(tmp_do_log_ctx);
660 * Return a string using the do_log_ctx()
662 static const char *smb_fname_str_do_log(struct connection_struct *conn,
663 const struct smb_filename *smb_fname)
668 if (smb_fname == NULL) {
672 if (smb_fname->base_name[0] != '/') {
673 char *abs_name = NULL;
674 struct smb_filename *fname_copy = cp_smb_filename(
677 if (fname_copy == NULL) {
681 if (!ISDOT(smb_fname->base_name)) {
682 abs_name = talloc_asprintf(do_log_ctx(),
684 conn->cwd_fsp->fsp_name->base_name,
685 smb_fname->base_name);
687 abs_name = talloc_strdup(do_log_ctx(),
688 conn->cwd_fsp->fsp_name->base_name);
690 if (abs_name == NULL) {
693 fname_copy->base_name = abs_name;
694 smb_fname = fname_copy;
697 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
698 if (!NT_STATUS_IS_OK(status)) {
705 * Return an fsp debug string using the do_log_ctx()
707 static const char *fsp_str_do_log(const struct files_struct *fsp)
709 return smb_fname_str_do_log(fsp->conn, fsp->fsp_name);
712 /* Implementation of vfs_ops. Pass everything on to the default
713 operation but log event first. */
715 static int smb_full_audit_connect(vfs_handle_struct *handle,
716 const char *svc, const char *user)
719 const char *none[] = { "none" };
720 struct vfs_full_audit_private_data *pd = NULL;
722 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
727 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
729 SMB_VFS_NEXT_DISCONNECT(handle);
733 pd->syslog_facility = audit_syslog_facility(handle);
734 if (pd->syslog_facility == -1) {
735 DEBUG(1, ("%s: Unknown facility %s\n", __func__,
736 lp_parm_const_string(SNUM(handle->conn),
737 "full_audit", "facility",
739 SMB_VFS_NEXT_DISCONNECT(handle);
743 pd->syslog_priority = audit_syslog_priority(handle);
745 pd->log_secdesc = lp_parm_bool(SNUM(handle->conn),
746 "full_audit", "log_secdesc", false);
748 pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
749 "full_audit", "syslog", true);
753 openlog("smbd_audit", 0, pd->syslog_facility);
757 pd->success_ops = init_bitmap(
758 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
760 pd->failure_ops = init_bitmap(
761 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
764 /* Store the private data. */
765 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
766 struct vfs_full_audit_private_data, return -1);
768 do_log(SMB_VFS_OP_CONNECT, True, handle,
774 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
776 SMB_VFS_NEXT_DISCONNECT(handle);
778 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
779 "%s", lp_servicename(talloc_tos(), SNUM(handle->conn)));
781 /* The bitmaps will be disconnected when the private
785 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
786 const struct smb_filename *smb_fname,
793 result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize);
795 /* Don't have a reasonable notion of failure here */
797 do_log(SMB_VFS_OP_DISK_FREE,
801 smb_fname_str_do_log(handle->conn, smb_fname));
806 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
807 const struct smb_filename *smb_fname,
808 enum SMB_QUOTA_TYPE qtype,
814 result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt);
816 do_log(SMB_VFS_OP_GET_QUOTA,
820 smb_fname_str_do_log(handle->conn, smb_fname));
825 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
826 enum SMB_QUOTA_TYPE qtype, unid_t id,
831 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
833 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
838 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
839 struct files_struct *fsp,
840 struct shadow_copy_data *shadow_copy_data,
845 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
847 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
852 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
853 const struct smb_filename *smb_fname,
854 struct vfs_statvfs_struct *statbuf)
858 result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf);
860 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
865 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
869 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
871 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
876 static NTSTATUS smb_full_audit_get_dfs_referrals(
877 struct vfs_handle_struct *handle,
878 struct dfs_GetDFSReferral *r)
882 status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
884 do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status),
890 static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle,
892 const char *service_path,
897 status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path,
899 do_log(SMB_VFS_OP_SNAP_CHECK_PATH, NT_STATUS_IS_OK(status),
905 static NTSTATUS smb_full_audit_snap_create(struct vfs_handle_struct *handle,
907 const char *base_volume,
915 status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp,
916 rw, base_path, snap_path);
917 do_log(SMB_VFS_OP_SNAP_CREATE, NT_STATUS_IS_OK(status), handle, "");
922 static NTSTATUS smb_full_audit_snap_delete(struct vfs_handle_struct *handle,
929 status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path,
931 do_log(SMB_VFS_OP_SNAP_DELETE, NT_STATUS_IS_OK(status), handle, "");
936 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
937 const struct smb_filename *smb_fname,
943 result = SMB_VFS_NEXT_OPENDIR(handle, smb_fname, mask, attr);
945 do_log(SMB_VFS_OP_OPENDIR,
949 smb_fname_str_do_log(handle->conn, smb_fname));
954 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
955 files_struct *fsp, const char *mask, uint32_t attr)
959 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
961 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
962 fsp_str_do_log(fsp));
967 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
968 DIR *dirp, SMB_STRUCT_STAT *sbuf)
970 struct dirent *result;
972 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
974 /* This operation has no reasonable error condition
975 * (End of dir is also failure), so always succeed.
977 do_log(SMB_VFS_OP_READDIR, True, handle, "");
982 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
983 DIR *dirp, long offset)
985 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
987 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
990 static long smb_full_audit_telldir(vfs_handle_struct *handle,
995 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
997 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1002 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1005 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1007 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1010 static int smb_full_audit_mkdirat(vfs_handle_struct *handle,
1011 struct files_struct *dirfsp,
1012 const struct smb_filename *smb_fname,
1017 result = SMB_VFS_NEXT_MKDIRAT(handle,
1022 do_log(SMB_VFS_OP_MKDIRAT,
1026 smb_fname_str_do_log(handle->conn, smb_fname));
1031 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1036 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1038 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1043 static int smb_full_audit_open(vfs_handle_struct *handle,
1044 struct smb_filename *smb_fname,
1045 files_struct *fsp, int flags, mode_t mode)
1049 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
1051 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1052 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1053 smb_fname_str_do_log(handle->conn, smb_fname));
1058 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
1059 struct smb_request *req,
1060 uint16_t root_dir_fid,
1061 struct smb_filename *smb_fname,
1062 uint32_t access_mask,
1063 uint32_t share_access,
1064 uint32_t create_disposition,
1065 uint32_t create_options,
1066 uint32_t file_attributes,
1067 uint32_t oplock_request,
1068 const struct smb2_lease *lease,
1069 uint64_t allocation_size,
1070 uint32_t private_flags,
1071 struct security_descriptor *sd,
1072 struct ea_list *ea_list,
1073 files_struct **result_fsp,
1075 const struct smb2_create_blobs *in_context_blobs,
1076 struct smb2_create_blobs *out_context_blobs)
1079 const char* str_create_disposition;
1081 switch (create_disposition) {
1082 case FILE_SUPERSEDE:
1083 str_create_disposition = "supersede";
1085 case FILE_OVERWRITE_IF:
1086 str_create_disposition = "overwrite_if";
1089 str_create_disposition = "open";
1091 case FILE_OVERWRITE:
1092 str_create_disposition = "overwrite";
1095 str_create_disposition = "create";
1098 str_create_disposition = "open_if";
1101 str_create_disposition = "unknown";
1104 result = SMB_VFS_NEXT_CREATE_FILE(
1105 handle, /* handle */
1107 root_dir_fid, /* root_dir_fid */
1108 smb_fname, /* fname */
1109 access_mask, /* access_mask */
1110 share_access, /* share_access */
1111 create_disposition, /* create_disposition*/
1112 create_options, /* create_options */
1113 file_attributes, /* file_attributes */
1114 oplock_request, /* oplock_request */
1116 allocation_size, /* allocation_size */
1119 ea_list, /* ea_list */
1120 result_fsp, /* result */
1122 in_context_blobs, out_context_blobs); /* create context */
1124 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
1125 "0x%x|%s|%s|%s", access_mask,
1126 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
1127 str_create_disposition,
1128 smb_fname_str_do_log(handle->conn, smb_fname));
1133 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1137 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1139 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
1140 fsp_str_do_log(fsp));
1145 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1146 void *data, size_t n, off_t offset)
1150 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1152 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
1153 fsp_str_do_log(fsp));
1158 struct smb_full_audit_pread_state {
1159 vfs_handle_struct *handle;
1162 struct vfs_aio_state vfs_aio_state;
1165 static void smb_full_audit_pread_done(struct tevent_req *subreq);
1167 static struct tevent_req *smb_full_audit_pread_send(
1168 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1169 struct tevent_context *ev, struct files_struct *fsp,
1170 void *data, size_t n, off_t offset)
1172 struct tevent_req *req, *subreq;
1173 struct smb_full_audit_pread_state *state;
1175 req = tevent_req_create(mem_ctx, &state,
1176 struct smb_full_audit_pread_state);
1178 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1179 fsp_str_do_log(fsp));
1182 state->handle = handle;
1185 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
1187 if (tevent_req_nomem(subreq, req)) {
1188 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1189 fsp_str_do_log(fsp));
1190 return tevent_req_post(req, ev);
1192 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
1194 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1198 static void smb_full_audit_pread_done(struct tevent_req *subreq)
1200 struct tevent_req *req = tevent_req_callback_data(
1201 subreq, struct tevent_req);
1202 struct smb_full_audit_pread_state *state = tevent_req_data(
1203 req, struct smb_full_audit_pread_state);
1205 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
1206 TALLOC_FREE(subreq);
1207 tevent_req_done(req);
1210 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req,
1211 struct vfs_aio_state *vfs_aio_state)
1213 struct smb_full_audit_pread_state *state = tevent_req_data(
1214 req, struct smb_full_audit_pread_state);
1216 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1217 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
1218 fsp_str_do_log(state->fsp));
1222 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
1223 fsp_str_do_log(state->fsp));
1225 *vfs_aio_state = state->vfs_aio_state;
1229 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1230 const void *data, size_t n,
1235 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1237 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1238 fsp_str_do_log(fsp));
1243 struct smb_full_audit_pwrite_state {
1244 vfs_handle_struct *handle;
1247 struct vfs_aio_state vfs_aio_state;
1250 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1252 static struct tevent_req *smb_full_audit_pwrite_send(
1253 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1254 struct tevent_context *ev, struct files_struct *fsp,
1255 const void *data, size_t n, off_t offset)
1257 struct tevent_req *req, *subreq;
1258 struct smb_full_audit_pwrite_state *state;
1260 req = tevent_req_create(mem_ctx, &state,
1261 struct smb_full_audit_pwrite_state);
1263 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1264 fsp_str_do_log(fsp));
1267 state->handle = handle;
1270 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1272 if (tevent_req_nomem(subreq, req)) {
1273 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1274 fsp_str_do_log(fsp));
1275 return tevent_req_post(req, ev);
1277 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1279 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1280 fsp_str_do_log(fsp));
1284 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1286 struct tevent_req *req = tevent_req_callback_data(
1287 subreq, struct tevent_req);
1288 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1289 req, struct smb_full_audit_pwrite_state);
1291 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
1292 TALLOC_FREE(subreq);
1293 tevent_req_done(req);
1296 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req,
1297 struct vfs_aio_state *vfs_aio_state)
1299 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1300 req, struct smb_full_audit_pwrite_state);
1302 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1303 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1304 fsp_str_do_log(state->fsp));
1308 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1309 fsp_str_do_log(state->fsp));
1311 *vfs_aio_state = state->vfs_aio_state;
1315 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1316 off_t offset, int whence)
1320 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1322 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1323 "%s", fsp_str_do_log(fsp));
1328 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1329 files_struct *fromfsp,
1330 const DATA_BLOB *hdr, off_t offset,
1335 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1337 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1338 "%s", fsp_str_do_log(fromfsp));
1343 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1344 files_struct *tofsp,
1350 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1352 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1353 "%s", fsp_str_do_log(tofsp));
1358 static int smb_full_audit_renameat(vfs_handle_struct *handle,
1359 files_struct *srcfsp,
1360 const struct smb_filename *smb_fname_src,
1361 files_struct *dstfsp,
1362 const struct smb_filename *smb_fname_dst)
1366 result = SMB_VFS_NEXT_RENAMEAT(handle,
1372 do_log(SMB_VFS_OP_RENAMEAT, (result >= 0), handle, "%s|%s",
1373 smb_fname_str_do_log(handle->conn, smb_fname_src),
1374 smb_fname_str_do_log(handle->conn, smb_fname_dst));
1379 struct smb_full_audit_fsync_state {
1380 vfs_handle_struct *handle;
1383 struct vfs_aio_state vfs_aio_state;
1386 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1388 static struct tevent_req *smb_full_audit_fsync_send(
1389 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1390 struct tevent_context *ev, struct files_struct *fsp)
1392 struct tevent_req *req, *subreq;
1393 struct smb_full_audit_fsync_state *state;
1395 req = tevent_req_create(mem_ctx, &state,
1396 struct smb_full_audit_fsync_state);
1398 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1399 fsp_str_do_log(fsp));
1402 state->handle = handle;
1405 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1406 if (tevent_req_nomem(subreq, req)) {
1407 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1408 fsp_str_do_log(fsp));
1409 return tevent_req_post(req, ev);
1411 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1413 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1417 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1419 struct tevent_req *req = tevent_req_callback_data(
1420 subreq, struct tevent_req);
1421 struct smb_full_audit_fsync_state *state = tevent_req_data(
1422 req, struct smb_full_audit_fsync_state);
1424 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
1425 TALLOC_FREE(subreq);
1426 tevent_req_done(req);
1429 static int smb_full_audit_fsync_recv(struct tevent_req *req,
1430 struct vfs_aio_state *vfs_aio_state)
1432 struct smb_full_audit_fsync_state *state = tevent_req_data(
1433 req, struct smb_full_audit_fsync_state);
1435 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1436 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1437 fsp_str_do_log(state->fsp));
1441 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1442 fsp_str_do_log(state->fsp));
1444 *vfs_aio_state = state->vfs_aio_state;
1448 static int smb_full_audit_stat(vfs_handle_struct *handle,
1449 struct smb_filename *smb_fname)
1453 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1455 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1456 smb_fname_str_do_log(handle->conn, smb_fname));
1461 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1462 SMB_STRUCT_STAT *sbuf)
1466 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1468 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1469 fsp_str_do_log(fsp));
1474 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1475 struct smb_filename *smb_fname)
1479 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1481 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1482 smb_fname_str_do_log(handle->conn, smb_fname));
1487 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1488 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1492 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1494 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1495 "%llu", (unsigned long long)result);
1500 static int smb_full_audit_unlinkat(vfs_handle_struct *handle,
1501 struct files_struct *dirfsp,
1502 const struct smb_filename *smb_fname,
1507 result = SMB_VFS_NEXT_UNLINKAT(handle,
1512 do_log(SMB_VFS_OP_UNLINKAT, (result >= 0), handle, "%s",
1513 smb_fname_str_do_log(handle->conn, smb_fname));
1518 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1519 const struct smb_filename *smb_fname,
1524 result = SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
1526 do_log(SMB_VFS_OP_CHMOD,
1530 smb_fname_str_do_log(handle->conn, smb_fname),
1536 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1541 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1543 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1544 "%s|%o", fsp_str_do_log(fsp), mode);
1549 static int smb_full_audit_chown(vfs_handle_struct *handle,
1550 const struct smb_filename *smb_fname,
1556 result = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
1558 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1559 smb_fname->base_name, (long int)uid, (long int)gid);
1564 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1565 uid_t uid, gid_t gid)
1569 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1571 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1572 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1577 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1578 const struct smb_filename *smb_fname,
1584 result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
1586 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1587 smb_fname->base_name, (long int)uid, (long int)gid);
1592 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1593 const struct smb_filename *smb_fname)
1597 result = SMB_VFS_NEXT_CHDIR(handle, smb_fname);
1599 do_log(SMB_VFS_OP_CHDIR,
1603 smb_fname_str_do_log(handle->conn, smb_fname));
1608 static struct smb_filename *smb_full_audit_getwd(vfs_handle_struct *handle,
1611 struct smb_filename *result;
1613 result = SMB_VFS_NEXT_GETWD(handle, ctx);
1615 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1616 result == NULL? "" : result->base_name);
1621 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1622 const struct smb_filename *smb_fname,
1623 struct smb_file_time *ft)
1626 time_t create_time = convert_timespec_to_time_t(ft->create_time);
1627 time_t atime = convert_timespec_to_time_t(ft->atime);
1628 time_t mtime = convert_timespec_to_time_t(ft->mtime);
1629 time_t ctime = convert_timespec_to_time_t(ft->ctime);
1630 const char *create_time_str = "";
1631 const char *atime_str = "";
1632 const char *mtime_str = "";
1633 const char *ctime_str = "";
1634 TALLOC_CTX *frame = talloc_stackframe();
1636 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1638 if (create_time > 0) {
1639 create_time_str = timestring(frame, create_time);
1642 atime_str = timestring(frame, atime);
1645 mtime_str = timestring(frame, mtime);
1648 ctime_str = timestring(frame, ctime);
1651 do_log(SMB_VFS_OP_NTIMES,
1655 smb_fname_str_do_log(handle->conn, smb_fname),
1666 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1671 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1673 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1674 "%s", fsp_str_do_log(fsp));
1679 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1686 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1688 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1689 "%s", fsp_str_do_log(fsp));
1694 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1695 int op, off_t offset, off_t count, int type)
1699 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1701 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1706 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1707 struct files_struct *fsp,
1708 uint32_t share_mode, uint32_t access_mask)
1712 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1714 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1715 fsp_str_do_log(fsp));
1720 static int smb_full_audit_fcntl(struct vfs_handle_struct *handle,
1721 struct files_struct *fsp,
1722 int cmd, va_list cmd_arg)
1725 va_list dup_cmd_arg;
1728 va_copy(dup_cmd_arg, cmd_arg);
1729 arg = va_arg(dup_cmd_arg, void *);
1730 result = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg);
1731 va_end(dup_cmd_arg);
1733 do_log(SMB_VFS_OP_FCNTL, (result >= 0), handle, "%s",
1734 fsp_str_do_log(fsp));
1739 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1744 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1746 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1747 fsp_str_do_log(fsp));
1752 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1753 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1757 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1759 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1764 static int smb_full_audit_symlinkat(vfs_handle_struct *handle,
1765 const char *link_contents,
1766 struct files_struct *dirfsp,
1767 const struct smb_filename *new_smb_fname)
1771 result = SMB_VFS_NEXT_SYMLINKAT(handle,
1776 do_log(SMB_VFS_OP_SYMLINKAT,
1781 smb_fname_str_do_log(handle->conn, new_smb_fname));
1786 static int smb_full_audit_readlinkat(vfs_handle_struct *handle,
1787 files_struct *dirfsp,
1788 const struct smb_filename *smb_fname,
1794 result = SMB_VFS_NEXT_READLINKAT(handle,
1800 do_log(SMB_VFS_OP_READLINKAT,
1804 smb_fname_str_do_log(handle->conn, smb_fname));
1809 static int smb_full_audit_linkat(vfs_handle_struct *handle,
1810 files_struct *srcfsp,
1811 const struct smb_filename *old_smb_fname,
1812 files_struct *dstfsp,
1813 const struct smb_filename *new_smb_fname,
1818 result = SMB_VFS_NEXT_LINKAT(handle,
1825 do_log(SMB_VFS_OP_LINKAT,
1829 smb_fname_str_do_log(handle->conn, old_smb_fname),
1830 smb_fname_str_do_log(handle->conn, new_smb_fname));
1835 static int smb_full_audit_mknodat(vfs_handle_struct *handle,
1836 files_struct *dirfsp,
1837 const struct smb_filename *smb_fname,
1843 result = SMB_VFS_NEXT_MKNODAT(handle,
1849 do_log(SMB_VFS_OP_MKNODAT,
1853 smb_fname_str_do_log(handle->conn, smb_fname));
1858 static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle,
1860 const struct smb_filename *smb_fname)
1862 struct smb_filename *result_fname = NULL;
1864 result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname);
1866 do_log(SMB_VFS_OP_REALPATH,
1867 (result_fname != NULL),
1870 smb_fname_str_do_log(handle->conn, smb_fname));
1872 return result_fname;
1875 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1876 const struct smb_filename *smb_fname,
1881 result = SMB_VFS_NEXT_CHFLAGS(handle, smb_fname, flags);
1883 do_log(SMB_VFS_OP_CHFLAGS,
1887 smb_fname_str_do_log(handle->conn, smb_fname));
1892 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1893 const SMB_STRUCT_STAT *sbuf)
1895 struct file_id id_zero;
1896 struct file_id result;
1898 ZERO_STRUCT(id_zero);
1900 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1902 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1903 !file_id_equal(&id_zero, &result),
1904 handle, "%s", file_id_string_tos(&result));
1909 static uint64_t smb_full_audit_fs_file_id(struct vfs_handle_struct *handle,
1910 const SMB_STRUCT_STAT *sbuf)
1914 result = SMB_VFS_NEXT_FS_FILE_ID(handle, sbuf);
1916 do_log(SMB_VFS_OP_FS_FILE_ID,
1918 handle, "%" PRIu64, result);
1923 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1924 struct files_struct *fsp,
1925 const struct smb_filename *smb_fname,
1926 TALLOC_CTX *mem_ctx,
1927 unsigned int *pnum_streams,
1928 struct stream_struct **pstreams)
1932 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, smb_fname, mem_ctx,
1933 pnum_streams, pstreams);
1935 do_log(SMB_VFS_OP_STREAMINFO,
1936 NT_STATUS_IS_OK(result),
1939 smb_fname_str_do_log(handle->conn, smb_fname));
1944 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1947 TALLOC_CTX *mem_ctx,
1952 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1955 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1956 "%s/%s->%s", path, name, (result == 0) ? *found_name : "");
1961 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1962 const struct smb_filename *smb_fname)
1966 result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname);
1968 do_log(SMB_VFS_OP_CONNECTPATH,
1972 smb_fname_str_do_log(handle->conn, smb_fname));
1977 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1978 struct byte_range_lock *br_lck,
1979 struct lock_struct *plock)
1983 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock);
1985 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1986 "%s:%llu-%llu. type=%d.",
1987 fsp_str_do_log(brl_fsp(br_lck)),
1988 (unsigned long long)plock->start,
1989 (unsigned long long)plock->size,
1995 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1996 struct byte_range_lock *br_lck,
1997 const struct lock_struct *plock)
2001 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, br_lck, plock);
2003 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
2004 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
2005 (unsigned long long)plock->start,
2006 (unsigned long long)plock->size,
2012 static bool smb_full_audit_strict_lock_check(struct vfs_handle_struct *handle,
2013 struct files_struct *fsp,
2014 struct lock_struct *plock)
2018 result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock);
2020 do_log(SMB_VFS_OP_STRICT_LOCK_CHECK, result, handle,
2021 "%s:%llu-%llu:%d", fsp_str_do_log(fsp),
2022 (unsigned long long)plock->start,
2023 (unsigned long long)plock->size,
2029 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
2031 enum vfs_translate_direction direction,
2032 TALLOC_CTX *mem_ctx,
2037 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
2040 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
2045 static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle,
2046 struct files_struct *fsp,
2050 const uint8_t *_in_data,
2052 uint8_t **_out_data,
2053 uint32_t max_out_len,
2058 result = SMB_VFS_NEXT_FSCTL(handle,
2069 do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, "");
2074 static struct tevent_req *smb_full_audit_offload_read_send(
2075 TALLOC_CTX *mem_ctx,
2076 struct tevent_context *ev,
2077 struct vfs_handle_struct *handle,
2078 struct files_struct *fsp,
2084 struct tevent_req *req = NULL;
2086 req = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev, handle, fsp,
2087 fsctl, ttl, offset, to_copy);
2089 do_log(SMB_VFS_OP_OFFLOAD_READ_SEND, req, handle, "");
2094 static NTSTATUS smb_full_audit_offload_read_recv(
2095 struct tevent_req *req,
2096 struct vfs_handle_struct *handle,
2097 TALLOC_CTX *mem_ctx,
2098 DATA_BLOB *_token_blob)
2102 status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(req, handle, mem_ctx,
2105 do_log(SMB_VFS_OP_OFFLOAD_READ_RECV, NT_STATUS_IS_OK(status), handle, "");
2110 static struct tevent_req *smb_full_audit_offload_write_send(struct vfs_handle_struct *handle,
2111 TALLOC_CTX *mem_ctx,
2112 struct tevent_context *ev,
2115 off_t transfer_offset,
2116 struct files_struct *dest_fsp,
2120 struct tevent_req *req;
2122 req = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, mem_ctx, ev,
2123 fsctl, token, transfer_offset,
2124 dest_fsp, dest_off, num);
2126 do_log(SMB_VFS_OP_OFFLOAD_WRITE_SEND, req, handle, "");
2131 static NTSTATUS smb_full_audit_offload_write_recv(struct vfs_handle_struct *handle,
2132 struct tevent_req *req,
2137 result = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(handle, req, copied);
2139 do_log(SMB_VFS_OP_OFFLOAD_WRITE_RECV, NT_STATUS_IS_OK(result), handle, "");
2144 static NTSTATUS smb_full_audit_get_compression(vfs_handle_struct *handle,
2145 TALLOC_CTX *mem_ctx,
2146 struct files_struct *fsp,
2147 struct smb_filename *smb_fname,
2148 uint16_t *_compression_fmt)
2152 result = SMB_VFS_NEXT_GET_COMPRESSION(handle, mem_ctx, fsp, smb_fname,
2155 do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2157 (fsp ? fsp_str_do_log(fsp) :
2158 smb_fname_str_do_log(handle->conn, smb_fname)));
2163 static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle,
2164 TALLOC_CTX *mem_ctx,
2165 struct files_struct *fsp,
2166 uint16_t compression_fmt)
2170 result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
2173 do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2174 "%s", fsp_str_do_log(fsp));
2179 static NTSTATUS smb_full_audit_readdir_attr(struct vfs_handle_struct *handle,
2180 const struct smb_filename *fname,
2181 TALLOC_CTX *mem_ctx,
2182 struct readdir_attr_data **pattr_data)
2186 status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
2188 do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s",
2189 smb_fname_str_do_log(handle->conn, fname));
2194 static NTSTATUS smb_full_audit_get_dos_attributes(
2195 struct vfs_handle_struct *handle,
2196 struct smb_filename *smb_fname,
2201 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES(handle,
2205 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES,
2206 NT_STATUS_IS_OK(status),
2209 smb_fname_str_do_log(handle->conn, smb_fname));
2214 struct smb_full_audit_get_dos_attributes_state {
2215 struct vfs_aio_state aio_state;
2216 vfs_handle_struct *handle;
2217 files_struct *dir_fsp;
2218 const struct smb_filename *smb_fname;
2222 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq);
2224 static struct tevent_req *smb_full_audit_get_dos_attributes_send(
2225 TALLOC_CTX *mem_ctx,
2226 struct tevent_context *ev,
2227 struct vfs_handle_struct *handle,
2228 files_struct *dir_fsp,
2229 struct smb_filename *smb_fname)
2231 struct tevent_req *req = NULL;
2232 struct smb_full_audit_get_dos_attributes_state *state = NULL;
2233 struct tevent_req *subreq = NULL;
2235 req = tevent_req_create(mem_ctx, &state,
2236 struct smb_full_audit_get_dos_attributes_state);
2238 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2242 fsp_str_do_log(dir_fsp),
2243 smb_fname->base_name);
2246 *state = (struct smb_full_audit_get_dos_attributes_state) {
2249 .smb_fname = smb_fname,
2252 subreq = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_SEND(mem_ctx,
2257 if (tevent_req_nomem(subreq, req)) {
2258 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2262 fsp_str_do_log(dir_fsp),
2263 smb_fname->base_name);
2264 return tevent_req_post(req, ev);
2266 tevent_req_set_callback(subreq,
2267 smb_full_audit_get_dos_attributes_done,
2270 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2274 fsp_str_do_log(dir_fsp),
2275 smb_fname->base_name);
2280 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq)
2282 struct tevent_req *req =
2283 tevent_req_callback_data(subreq,
2285 struct smb_full_audit_get_dos_attributes_state *state =
2286 tevent_req_data(req,
2287 struct smb_full_audit_get_dos_attributes_state);
2290 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_RECV(subreq,
2293 TALLOC_FREE(subreq);
2294 if (tevent_req_nterror(req, status)) {
2298 tevent_req_done(req);
2302 static NTSTATUS smb_full_audit_get_dos_attributes_recv(struct tevent_req *req,
2303 struct vfs_aio_state *aio_state,
2306 struct smb_full_audit_get_dos_attributes_state *state =
2307 tevent_req_data(req,
2308 struct smb_full_audit_get_dos_attributes_state);
2311 if (tevent_req_is_nterror(req, &status)) {
2312 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2316 fsp_str_do_log(state->dir_fsp),
2317 state->smb_fname->base_name);
2318 tevent_req_received(req);
2322 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2326 fsp_str_do_log(state->dir_fsp),
2327 state->smb_fname->base_name);
2329 *aio_state = state->aio_state;
2330 *dosmode = state->dosmode;
2331 tevent_req_received(req);
2332 return NT_STATUS_OK;
2335 static NTSTATUS smb_full_audit_fget_dos_attributes(
2336 struct vfs_handle_struct *handle,
2337 struct files_struct *fsp,
2342 status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
2346 do_log(SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
2347 NT_STATUS_IS_OK(status),
2350 fsp_str_do_log(fsp));
2355 static NTSTATUS smb_full_audit_set_dos_attributes(
2356 struct vfs_handle_struct *handle,
2357 const struct smb_filename *smb_fname,
2362 status = SMB_VFS_NEXT_SET_DOS_ATTRIBUTES(handle,
2366 do_log(SMB_VFS_OP_SET_DOS_ATTRIBUTES,
2367 NT_STATUS_IS_OK(status),
2370 smb_fname_str_do_log(handle->conn, smb_fname));
2375 static NTSTATUS smb_full_audit_fset_dos_attributes(
2376 struct vfs_handle_struct *handle,
2377 struct files_struct *fsp,
2382 status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
2386 do_log(SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
2387 NT_STATUS_IS_OK(status),
2390 fsp_str_do_log(fsp));
2395 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2396 uint32_t security_info,
2397 TALLOC_CTX *mem_ctx,
2398 struct security_descriptor **ppdesc)
2402 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
2405 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2406 "%s", fsp_str_do_log(fsp));
2411 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
2412 const struct smb_filename *smb_fname,
2413 uint32_t security_info,
2414 TALLOC_CTX *mem_ctx,
2415 struct security_descriptor **ppdesc)
2419 result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
2422 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2423 "%s", smb_fname_str_do_log(handle->conn, smb_fname));
2428 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2429 uint32_t security_info_sent,
2430 const struct security_descriptor *psd)
2432 struct vfs_full_audit_private_data *pd;
2436 SMB_VFS_HANDLE_GET_DATA(handle, pd,
2437 struct vfs_full_audit_private_data,
2438 return NT_STATUS_INTERNAL_ERROR);
2440 if (pd->log_secdesc) {
2441 sd = sddl_encode(talloc_tos(), psd, get_global_sam_sid());
2444 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
2446 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2447 "%s [%s]", fsp_str_do_log(fsp), sd ? sd : "");
2454 static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
2455 struct smb_filename *file,
2456 struct security_acl *sacl,
2457 uint32_t access_requested,
2458 uint32_t access_denied)
2462 result = SMB_VFS_NEXT_AUDIT_FILE(handle,
2468 do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
2470 smb_fname_str_do_log(handle->conn, file));
2475 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
2476 const struct smb_filename *smb_fname,
2477 SMB_ACL_TYPE_T type,
2478 TALLOC_CTX *mem_ctx)
2482 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname,
2485 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE,
2489 smb_fname_str_do_log(handle->conn, smb_fname));
2494 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
2495 files_struct *fsp, TALLOC_CTX *mem_ctx)
2499 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
2501 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
2502 "%s", fsp_str_do_log(fsp));
2507 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
2508 const struct smb_filename *smb_fname,
2509 TALLOC_CTX *mem_ctx,
2510 char **blob_description,
2515 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, smb_fname,
2516 mem_ctx, blob_description, blob);
2518 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
2522 smb_fname_str_do_log(handle->conn, smb_fname));
2527 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
2529 TALLOC_CTX *mem_ctx,
2530 char **blob_description,
2535 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
2537 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
2538 "%s", fsp_str_do_log(fsp));
2543 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
2544 const struct smb_filename *smb_fname,
2545 SMB_ACL_TYPE_T acltype,
2550 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, smb_fname, acltype,
2553 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE,
2557 smb_fname_str_do_log(handle->conn, smb_fname));
2562 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
2567 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
2569 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
2570 "%s", fsp_str_do_log(fsp));
2575 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
2576 const struct smb_filename *smb_fname)
2580 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, smb_fname);
2582 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
2586 smb_fname_str_do_log(handle->conn, smb_fname));
2591 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2592 const struct smb_filename *smb_fname,
2593 const char *name, void *value, size_t size)
2597 result = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, name, value, size);
2599 do_log(SMB_VFS_OP_GETXATTR,
2603 smb_fname_str_do_log(handle->conn, smb_fname),
2609 struct smb_full_audit_getxattrat_state {
2610 struct vfs_aio_state aio_state;
2611 vfs_handle_struct *handle;
2612 files_struct *dir_fsp;
2613 const struct smb_filename *smb_fname;
2614 const char *xattr_name;
2616 uint8_t *xattr_value;
2619 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq);
2621 static struct tevent_req *smb_full_audit_getxattrat_send(
2622 TALLOC_CTX *mem_ctx,
2623 struct tevent_context *ev,
2624 struct vfs_handle_struct *handle,
2625 files_struct *dir_fsp,
2626 const struct smb_filename *smb_fname,
2627 const char *xattr_name,
2630 struct tevent_req *req = NULL;
2631 struct tevent_req *subreq = NULL;
2632 struct smb_full_audit_getxattrat_state *state = NULL;
2634 req = tevent_req_create(mem_ctx, &state,
2635 struct smb_full_audit_getxattrat_state);
2637 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2641 fsp_str_do_log(dir_fsp),
2642 smb_fname->base_name,
2646 *state = (struct smb_full_audit_getxattrat_state) {
2649 .smb_fname = smb_fname,
2650 .xattr_name = xattr_name,
2653 subreq = SMB_VFS_NEXT_GETXATTRAT_SEND(state,
2660 if (tevent_req_nomem(subreq, req)) {
2661 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2665 fsp_str_do_log(dir_fsp),
2666 smb_fname->base_name,
2668 return tevent_req_post(req, ev);
2670 tevent_req_set_callback(subreq, smb_full_audit_getxattrat_done, req);
2672 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2676 fsp_str_do_log(dir_fsp),
2677 smb_fname->base_name,
2683 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq)
2685 struct tevent_req *req = tevent_req_callback_data(
2686 subreq, struct tevent_req);
2687 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2688 req, struct smb_full_audit_getxattrat_state);
2690 state->xattr_size = SMB_VFS_NEXT_GETXATTRAT_RECV(subreq,
2693 &state->xattr_value);
2694 TALLOC_FREE(subreq);
2695 if (state->xattr_size == -1) {
2696 tevent_req_error(req, state->aio_state.error);
2700 tevent_req_done(req);
2703 static ssize_t smb_full_audit_getxattrat_recv(struct tevent_req *req,
2704 struct vfs_aio_state *aio_state,
2705 TALLOC_CTX *mem_ctx,
2706 uint8_t **xattr_value)
2708 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2709 req, struct smb_full_audit_getxattrat_state);
2712 if (tevent_req_is_unix_error(req, &aio_state->error)) {
2713 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2717 fsp_str_do_log(state->dir_fsp),
2718 state->smb_fname->base_name,
2720 tevent_req_received(req);
2724 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2728 fsp_str_do_log(state->dir_fsp),
2729 state->smb_fname->base_name,
2732 *aio_state = state->aio_state;
2733 xattr_size = state->xattr_size;
2734 if (xattr_value != NULL) {
2735 *xattr_value = talloc_move(mem_ctx, &state->xattr_value);
2738 tevent_req_received(req);
2742 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2743 struct files_struct *fsp,
2744 const char *name, void *value, size_t size)
2748 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2750 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2751 "%s|%s", fsp_str_do_log(fsp), name);
2756 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2757 const struct smb_filename *smb_fname,
2763 result = SMB_VFS_NEXT_LISTXATTR(handle, smb_fname, list, size);
2765 do_log(SMB_VFS_OP_LISTXATTR,
2769 smb_fname_str_do_log(handle->conn, smb_fname));
2774 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2775 struct files_struct *fsp, char *list,
2780 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2782 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2783 "%s", fsp_str_do_log(fsp));
2788 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2789 const struct smb_filename *smb_fname,
2794 result = SMB_VFS_NEXT_REMOVEXATTR(handle, smb_fname, name);
2796 do_log(SMB_VFS_OP_REMOVEXATTR,
2800 smb_fname_str_do_log(handle->conn, smb_fname),
2806 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2807 struct files_struct *fsp,
2812 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2814 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2815 "%s|%s", fsp_str_do_log(fsp), name);
2820 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2821 const struct smb_filename *smb_fname,
2822 const char *name, const void *value, size_t size,
2827 result = SMB_VFS_NEXT_SETXATTR(handle, smb_fname, name, value, size,
2830 do_log(SMB_VFS_OP_SETXATTR,
2834 smb_fname_str_do_log(handle->conn, smb_fname),
2840 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2841 struct files_struct *fsp, const char *name,
2842 const void *value, size_t size, int flags)
2846 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2848 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2849 "%s|%s", fsp_str_do_log(fsp), name);
2854 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2855 struct files_struct *fsp)
2859 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2860 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2861 "%s", fsp_str_do_log(fsp));
2866 static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle,
2867 struct files_struct *fsp,
2868 TALLOC_CTX *mem_ctx,
2873 result = SMB_VFS_NEXT_DURABLE_COOKIE(handle,
2878 do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle,
2879 "%s", fsp_str_do_log(fsp));
2884 static NTSTATUS smb_full_audit_durable_disconnect(
2885 struct vfs_handle_struct *handle,
2886 struct files_struct *fsp,
2887 const DATA_BLOB old_cookie,
2888 TALLOC_CTX *mem_ctx,
2889 DATA_BLOB *new_cookie)
2893 result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle,
2899 do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle,
2900 "%s", fsp_str_do_log(fsp));
2905 static NTSTATUS smb_full_audit_durable_reconnect(
2906 struct vfs_handle_struct *handle,
2907 struct smb_request *smb1req,
2908 struct smbXsrv_open *op,
2909 const DATA_BLOB old_cookie,
2910 TALLOC_CTX *mem_ctx,
2911 struct files_struct **fsp,
2912 DATA_BLOB *new_cookie)
2916 result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle,
2924 do_log(SMB_VFS_OP_DURABLE_RECONNECT,
2925 NT_STATUS_IS_OK(result),
2932 static struct vfs_fn_pointers vfs_full_audit_fns = {
2934 /* Disk operations */
2936 .connect_fn = smb_full_audit_connect,
2937 .disconnect_fn = smb_full_audit_disconnect,
2938 .disk_free_fn = smb_full_audit_disk_free,
2939 .get_quota_fn = smb_full_audit_get_quota,
2940 .set_quota_fn = smb_full_audit_set_quota,
2941 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2942 .statvfs_fn = smb_full_audit_statvfs,
2943 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2944 .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals,
2945 .opendir_fn = smb_full_audit_opendir,
2946 .fdopendir_fn = smb_full_audit_fdopendir,
2947 .readdir_fn = smb_full_audit_readdir,
2948 .seekdir_fn = smb_full_audit_seekdir,
2949 .telldir_fn = smb_full_audit_telldir,
2950 .rewind_dir_fn = smb_full_audit_rewinddir,
2951 .mkdirat_fn = smb_full_audit_mkdirat,
2952 .closedir_fn = smb_full_audit_closedir,
2953 .open_fn = smb_full_audit_open,
2954 .create_file_fn = smb_full_audit_create_file,
2955 .close_fn = smb_full_audit_close,
2956 .pread_fn = smb_full_audit_pread,
2957 .pread_send_fn = smb_full_audit_pread_send,
2958 .pread_recv_fn = smb_full_audit_pread_recv,
2959 .pwrite_fn = smb_full_audit_pwrite,
2960 .pwrite_send_fn = smb_full_audit_pwrite_send,
2961 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2962 .lseek_fn = smb_full_audit_lseek,
2963 .sendfile_fn = smb_full_audit_sendfile,
2964 .recvfile_fn = smb_full_audit_recvfile,
2965 .renameat_fn = smb_full_audit_renameat,
2966 .fsync_send_fn = smb_full_audit_fsync_send,
2967 .fsync_recv_fn = smb_full_audit_fsync_recv,
2968 .stat_fn = smb_full_audit_stat,
2969 .fstat_fn = smb_full_audit_fstat,
2970 .lstat_fn = smb_full_audit_lstat,
2971 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2972 .unlinkat_fn = smb_full_audit_unlinkat,
2973 .chmod_fn = smb_full_audit_chmod,
2974 .fchmod_fn = smb_full_audit_fchmod,
2975 .chown_fn = smb_full_audit_chown,
2976 .fchown_fn = smb_full_audit_fchown,
2977 .lchown_fn = smb_full_audit_lchown,
2978 .chdir_fn = smb_full_audit_chdir,
2979 .getwd_fn = smb_full_audit_getwd,
2980 .ntimes_fn = smb_full_audit_ntimes,
2981 .ftruncate_fn = smb_full_audit_ftruncate,
2982 .fallocate_fn = smb_full_audit_fallocate,
2983 .lock_fn = smb_full_audit_lock,
2984 .kernel_flock_fn = smb_full_audit_kernel_flock,
2985 .fcntl_fn = smb_full_audit_fcntl,
2986 .linux_setlease_fn = smb_full_audit_linux_setlease,
2987 .getlock_fn = smb_full_audit_getlock,
2988 .symlinkat_fn = smb_full_audit_symlinkat,
2989 .readlinkat_fn = smb_full_audit_readlinkat,
2990 .linkat_fn = smb_full_audit_linkat,
2991 .mknodat_fn = smb_full_audit_mknodat,
2992 .realpath_fn = smb_full_audit_realpath,
2993 .chflags_fn = smb_full_audit_chflags,
2994 .file_id_create_fn = smb_full_audit_file_id_create,
2995 .fs_file_id_fn = smb_full_audit_fs_file_id,
2996 .offload_read_send_fn = smb_full_audit_offload_read_send,
2997 .offload_read_recv_fn = smb_full_audit_offload_read_recv,
2998 .offload_write_send_fn = smb_full_audit_offload_write_send,
2999 .offload_write_recv_fn = smb_full_audit_offload_write_recv,
3000 .get_compression_fn = smb_full_audit_get_compression,
3001 .set_compression_fn = smb_full_audit_set_compression,
3002 .snap_check_path_fn = smb_full_audit_snap_check_path,
3003 .snap_create_fn = smb_full_audit_snap_create,
3004 .snap_delete_fn = smb_full_audit_snap_delete,
3005 .streaminfo_fn = smb_full_audit_streaminfo,
3006 .get_real_filename_fn = smb_full_audit_get_real_filename,
3007 .connectpath_fn = smb_full_audit_connectpath,
3008 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
3009 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
3010 .strict_lock_check_fn = smb_full_audit_strict_lock_check,
3011 .translate_name_fn = smb_full_audit_translate_name,
3012 .fsctl_fn = smb_full_audit_fsctl,
3013 .get_dos_attributes_fn = smb_full_audit_get_dos_attributes,
3014 .get_dos_attributes_send_fn = smb_full_audit_get_dos_attributes_send,
3015 .get_dos_attributes_recv_fn = smb_full_audit_get_dos_attributes_recv,
3016 .fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
3017 .set_dos_attributes_fn = smb_full_audit_set_dos_attributes,
3018 .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes,
3019 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
3020 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
3021 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
3022 .audit_file_fn = smb_full_audit_audit_file,
3023 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
3024 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
3025 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
3026 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
3027 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
3028 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
3029 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
3030 .getxattr_fn = smb_full_audit_getxattr,
3031 .getxattrat_send_fn = smb_full_audit_getxattrat_send,
3032 .getxattrat_recv_fn = smb_full_audit_getxattrat_recv,
3033 .fgetxattr_fn = smb_full_audit_fgetxattr,
3034 .listxattr_fn = smb_full_audit_listxattr,
3035 .flistxattr_fn = smb_full_audit_flistxattr,
3036 .removexattr_fn = smb_full_audit_removexattr,
3037 .fremovexattr_fn = smb_full_audit_fremovexattr,
3038 .setxattr_fn = smb_full_audit_setxattr,
3039 .fsetxattr_fn = smb_full_audit_fsetxattr,
3040 .aio_force_fn = smb_full_audit_aio_force,
3041 .durable_cookie_fn = smb_full_audit_durable_cookie,
3042 .durable_disconnect_fn = smb_full_audit_durable_disconnect,
3043 .durable_reconnect_fn = smb_full_audit_durable_reconnect,
3044 .readdir_attr_fn = smb_full_audit_readdir_attr
3049 NTSTATUS vfs_full_audit_init(TALLOC_CTX *ctx)
3053 smb_vfs_assert_all_fns(&vfs_full_audit_fns, "full_audit");
3055 ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "full_audit",
3056 &vfs_full_audit_fns);
3058 if (!NT_STATUS_IS_OK(ret))
3061 vfs_full_audit_debug_level = debug_add_class("full_audit");
3062 if (vfs_full_audit_debug_level == -1) {
3063 vfs_full_audit_debug_level = DBGC_VFS;
3064 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
3067 DEBUG(10, ("vfs_full_audit: Debug class number of "
3068 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / samba.git / blob