2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
61 #include "system/filesys.h"
62 #include "system/syslog.h"
63 #include "smbd/smbd.h"
64 #include "../librpc/gen_ndr/ndr_netlogon.h"
67 #include "lib/param/loadparm.h"
68 #include "lib/util/bitmap.h"
69 #include "lib/util/tevent_unix.h"
71 static int vfs_full_audit_debug_level = DBGC_VFS;
73 struct vfs_full_audit_private_data {
74 struct bitmap *success_ops;
75 struct bitmap *failure_ops;
81 #define DBGC_CLASS vfs_full_audit_debug_level
83 typedef enum _vfs_op_type {
88 SMB_VFS_OP_CONNECT = 0,
89 SMB_VFS_OP_DISCONNECT,
93 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
95 SMB_VFS_OP_FS_CAPABILITIES,
97 /* Directory operations */
100 SMB_VFS_OP_FDOPENDIR,
104 SMB_VFS_OP_REWINDDIR,
108 SMB_VFS_OP_INIT_SEARCH_OP,
110 /* File operations */
113 SMB_VFS_OP_CREATE_FILE,
117 SMB_VFS_OP_PREAD_SEND,
118 SMB_VFS_OP_PREAD_RECV,
121 SMB_VFS_OP_PWRITE_SEND,
122 SMB_VFS_OP_PWRITE_RECV,
128 SMB_VFS_OP_FSYNC_SEND,
129 SMB_VFS_OP_FSYNC_RECV,
133 SMB_VFS_OP_GET_ALLOC_SIZE,
143 SMB_VFS_OP_FTRUNCATE,
144 SMB_VFS_OP_FALLOCATE,
146 SMB_VFS_OP_KERNEL_FLOCK,
147 SMB_VFS_OP_LINUX_SETLEASE,
154 SMB_VFS_OP_NOTIFY_WATCH,
156 SMB_VFS_OP_FILE_ID_CREATE,
157 SMB_VFS_OP_STREAMINFO,
158 SMB_VFS_OP_GET_REAL_FILENAME,
159 SMB_VFS_OP_CONNECTPATH,
160 SMB_VFS_OP_BRL_LOCK_WINDOWS,
161 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
162 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
163 SMB_VFS_OP_STRICT_LOCK,
164 SMB_VFS_OP_STRICT_UNLOCK,
165 SMB_VFS_OP_TRANSLATE_NAME,
166 SMB_VFS_OP_COPY_CHUNK_SEND,
167 SMB_VFS_OP_COPY_CHUNK_RECV,
168 SMB_VFS_OP_GET_COMPRESSION,
169 SMB_VFS_OP_SET_COMPRESSION,
171 /* NT ACL operations. */
173 SMB_VFS_OP_FGET_NT_ACL,
174 SMB_VFS_OP_GET_NT_ACL,
175 SMB_VFS_OP_FSET_NT_ACL,
177 /* POSIX ACL operations. */
179 SMB_VFS_OP_CHMOD_ACL,
180 SMB_VFS_OP_FCHMOD_ACL,
182 SMB_VFS_OP_SYS_ACL_GET_FILE,
183 SMB_VFS_OP_SYS_ACL_GET_FD,
184 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
185 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
186 SMB_VFS_OP_SYS_ACL_SET_FILE,
187 SMB_VFS_OP_SYS_ACL_SET_FD,
188 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
192 SMB_VFS_OP_FGETXATTR,
193 SMB_VFS_OP_LISTXATTR,
194 SMB_VFS_OP_FLISTXATTR,
195 SMB_VFS_OP_REMOVEXATTR,
196 SMB_VFS_OP_FREMOVEXATTR,
198 SMB_VFS_OP_FSETXATTR,
201 SMB_VFS_OP_AIO_FORCE,
203 /* offline operations */
204 SMB_VFS_OP_IS_OFFLINE,
205 SMB_VFS_OP_SET_OFFLINE,
207 /* This should always be last enum value */
212 /* The following array *must* be in the same order as defined in vfs_op_type */
218 { SMB_VFS_OP_CONNECT, "connect" },
219 { SMB_VFS_OP_DISCONNECT, "disconnect" },
220 { SMB_VFS_OP_DISK_FREE, "disk_free" },
221 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
222 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
223 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
224 { SMB_VFS_OP_STATVFS, "statvfs" },
225 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
226 { SMB_VFS_OP_OPENDIR, "opendir" },
227 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
228 { SMB_VFS_OP_READDIR, "readdir" },
229 { SMB_VFS_OP_SEEKDIR, "seekdir" },
230 { SMB_VFS_OP_TELLDIR, "telldir" },
231 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
232 { SMB_VFS_OP_MKDIR, "mkdir" },
233 { SMB_VFS_OP_RMDIR, "rmdir" },
234 { SMB_VFS_OP_CLOSEDIR, "closedir" },
235 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
236 { SMB_VFS_OP_OPEN, "open" },
237 { SMB_VFS_OP_CREATE_FILE, "create_file" },
238 { SMB_VFS_OP_CLOSE, "close" },
239 { SMB_VFS_OP_READ, "read" },
240 { SMB_VFS_OP_PREAD, "pread" },
241 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
242 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
243 { SMB_VFS_OP_WRITE, "write" },
244 { SMB_VFS_OP_PWRITE, "pwrite" },
245 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
246 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
247 { SMB_VFS_OP_LSEEK, "lseek" },
248 { SMB_VFS_OP_SENDFILE, "sendfile" },
249 { SMB_VFS_OP_RECVFILE, "recvfile" },
250 { SMB_VFS_OP_RENAME, "rename" },
251 { SMB_VFS_OP_FSYNC, "fsync" },
252 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
253 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
254 { SMB_VFS_OP_STAT, "stat" },
255 { SMB_VFS_OP_FSTAT, "fstat" },
256 { SMB_VFS_OP_LSTAT, "lstat" },
257 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
258 { SMB_VFS_OP_UNLINK, "unlink" },
259 { SMB_VFS_OP_CHMOD, "chmod" },
260 { SMB_VFS_OP_FCHMOD, "fchmod" },
261 { SMB_VFS_OP_CHOWN, "chown" },
262 { SMB_VFS_OP_FCHOWN, "fchown" },
263 { SMB_VFS_OP_LCHOWN, "lchown" },
264 { SMB_VFS_OP_CHDIR, "chdir" },
265 { SMB_VFS_OP_GETWD, "getwd" },
266 { SMB_VFS_OP_NTIMES, "ntimes" },
267 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
268 { SMB_VFS_OP_FALLOCATE,"fallocate" },
269 { SMB_VFS_OP_LOCK, "lock" },
270 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
271 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
272 { SMB_VFS_OP_GETLOCK, "getlock" },
273 { SMB_VFS_OP_SYMLINK, "symlink" },
274 { SMB_VFS_OP_READLINK, "readlink" },
275 { SMB_VFS_OP_LINK, "link" },
276 { SMB_VFS_OP_MKNOD, "mknod" },
277 { SMB_VFS_OP_REALPATH, "realpath" },
278 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
279 { SMB_VFS_OP_CHFLAGS, "chflags" },
280 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
281 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
282 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
283 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
284 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
285 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
286 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
287 { SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
288 { SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
289 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
290 { SMB_VFS_OP_COPY_CHUNK_SEND, "copy_chunk_send" },
291 { SMB_VFS_OP_COPY_CHUNK_RECV, "copy_chunk_recv" },
292 { SMB_VFS_OP_GET_COMPRESSION, "get_compression" },
293 { SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
294 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
295 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
296 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
297 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
298 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
299 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
300 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
301 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
302 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
303 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
304 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
305 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
306 { SMB_VFS_OP_GETXATTR, "getxattr" },
307 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
308 { SMB_VFS_OP_LISTXATTR, "listxattr" },
309 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
310 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
311 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
312 { SMB_VFS_OP_SETXATTR, "setxattr" },
313 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
314 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
315 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
316 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
317 { SMB_VFS_OP_LAST, NULL }
320 static int audit_syslog_facility(vfs_handle_struct *handle)
322 static const struct enum_list enum_log_facilities[] = {
323 { LOG_USER, "USER" },
324 { LOG_LOCAL0, "LOCAL0" },
325 { LOG_LOCAL1, "LOCAL1" },
326 { LOG_LOCAL2, "LOCAL2" },
327 { LOG_LOCAL3, "LOCAL3" },
328 { LOG_LOCAL4, "LOCAL4" },
329 { LOG_LOCAL5, "LOCAL5" },
330 { LOG_LOCAL6, "LOCAL6" },
331 { LOG_LOCAL7, "LOCAL7" },
337 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
342 static int audit_syslog_priority(vfs_handle_struct *handle)
344 static const struct enum_list enum_log_priorities[] = {
345 { LOG_EMERG, "EMERG" },
346 { LOG_ALERT, "ALERT" },
347 { LOG_CRIT, "CRIT" },
349 { LOG_WARNING, "WARNING" },
350 { LOG_NOTICE, "NOTICE" },
351 { LOG_INFO, "INFO" },
352 { LOG_DEBUG, "DEBUG" },
358 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
359 enum_log_priorities, LOG_NOTICE);
360 if (priority == -1) {
361 priority = LOG_WARNING;
367 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
372 prefix = talloc_strdup(ctx,
373 lp_parm_const_string(SNUM(conn), "full_audit",
378 result = talloc_sub_advanced(ctx,
379 lp_servicename(talloc_tos(), SNUM(conn)),
380 conn->session_info->unix_info->unix_name,
382 conn->session_info->unix_token->gid,
383 conn->session_info->unix_info->sanitized_username,
384 conn->session_info->info->domain_name,
390 static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op)
392 if (pd->success_ops == NULL) {
396 return bitmap_query(pd->success_ops, op);
399 static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op)
401 if (pd->failure_ops == NULL)
404 return bitmap_query(pd->failure_ops, op);
407 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
415 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
417 DEBUG(0, ("Could not alloc bitmap -- "
418 "defaulting to logging everything\n"));
422 for (; *ops != NULL; ops += 1) {
427 if (strequal(*ops, "all")) {
428 for (i=0; i<SMB_VFS_OP_LAST; i++) {
434 if (strequal(*ops, "none")) {
444 for (i=0; i<SMB_VFS_OP_LAST; i++) {
445 if ((vfs_op_names[i].name == NULL)
446 || (vfs_op_names[i].type != i)) {
447 smb_panic("vfs_full_audit.c: name table not "
448 "in sync with vfs_op_type enums\n");
450 if (strequal(op, vfs_op_names[i].name)) {
459 if (i == SMB_VFS_OP_LAST) {
460 DEBUG(0, ("Could not find opname %s, logging all\n",
469 static const char *audit_opname(vfs_op_type op)
471 if (op >= SMB_VFS_OP_LAST)
472 return "INVALID VFS OP";
473 return vfs_op_names[op].name;
476 static TALLOC_CTX *tmp_do_log_ctx;
478 * Get us a temporary talloc context usable just for DEBUG arguments
480 static TALLOC_CTX *do_log_ctx(void)
482 if (tmp_do_log_ctx == NULL) {
483 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
485 return tmp_do_log_ctx;
488 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
489 const char *format, ...)
491 struct vfs_full_audit_private_data *pd;
493 char *audit_pre = NULL;
498 SMB_VFS_HANDLE_GET_DATA(handle, pd,
499 struct vfs_full_audit_private_data,
502 if (success && (!log_success(pd, op)))
505 if (!success && (!log_failure(pd, op)))
509 fstrcpy(err_msg, "ok");
511 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
513 va_start(ap, format);
514 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
522 * Specify the facility to interoperate with other syslog callers
523 * (smbd for example).
525 priority = pd->syslog_priority | pd->syslog_facility;
527 audit_pre = audit_prefix(talloc_tos(), handle->conn);
528 syslog(priority, "%s|%s|%s|%s\n",
529 audit_pre ? audit_pre : "",
530 audit_opname(op), err_msg, op_msg);
533 TALLOC_FREE(audit_pre);
535 TALLOC_FREE(tmp_do_log_ctx);
539 * Return a string using the do_log_ctx()
541 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
546 if (smb_fname == NULL) {
549 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
550 if (!NT_STATUS_IS_OK(status)) {
557 * Return an fsp debug string using the do_log_ctx()
559 static const char *fsp_str_do_log(const struct files_struct *fsp)
561 return smb_fname_str_do_log(fsp->fsp_name);
564 /* Implementation of vfs_ops. Pass everything on to the default
565 operation but log event first. */
567 static int smb_full_audit_connect(vfs_handle_struct *handle,
568 const char *svc, const char *user)
571 struct vfs_full_audit_private_data *pd = NULL;
573 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
578 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
580 SMB_VFS_NEXT_DISCONNECT(handle);
584 pd->syslog_facility = audit_syslog_facility(handle);
585 if (pd->syslog_facility == -1) {
586 DEBUG(1, ("%s: Unknown facility %s\n", __func__,
587 lp_parm_const_string(SNUM(handle->conn),
588 "full_audit", "facility",
590 SMB_VFS_NEXT_DISCONNECT(handle);
594 pd->syslog_priority = audit_syslog_priority(handle);
597 openlog("smbd_audit", 0, pd->syslog_facility);
600 pd->success_ops = init_bitmap(
601 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
603 pd->failure_ops = init_bitmap(
604 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
607 /* Store the private data. */
608 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
609 struct vfs_full_audit_private_data, return -1);
611 do_log(SMB_VFS_OP_CONNECT, True, handle,
617 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
619 SMB_VFS_NEXT_DISCONNECT(handle);
621 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
622 "%s", lp_servicename(talloc_tos(), SNUM(handle->conn)));
624 /* The bitmaps will be disconnected when the private
628 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
630 bool small_query, uint64_t *bsize,
631 uint64_t *dfree, uint64_t *dsize)
635 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
638 /* Don't have a reasonable notion of failure here */
640 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
645 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
646 enum SMB_QUOTA_TYPE qtype, unid_t id,
651 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
653 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
659 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
660 enum SMB_QUOTA_TYPE qtype, unid_t id,
665 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
667 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
672 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
673 struct files_struct *fsp,
674 struct shadow_copy_data *shadow_copy_data,
679 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
681 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
686 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
688 struct vfs_statvfs_struct *statbuf)
692 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
694 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
699 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
703 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
705 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
710 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
711 const char *fname, const char *mask, uint32 attr)
715 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
717 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
722 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
723 files_struct *fsp, const char *mask, uint32 attr)
727 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
729 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
730 fsp_str_do_log(fsp));
735 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
736 DIR *dirp, SMB_STRUCT_STAT *sbuf)
738 struct dirent *result;
740 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
742 /* This operation has no reasonable error condition
743 * (End of dir is also failure), so always succeed.
745 do_log(SMB_VFS_OP_READDIR, True, handle, "");
750 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
751 DIR *dirp, long offset)
753 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
755 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
758 static long smb_full_audit_telldir(vfs_handle_struct *handle,
763 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
765 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
770 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
773 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
775 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
778 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
779 const char *path, mode_t mode)
783 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
785 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
790 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
795 result = SMB_VFS_NEXT_RMDIR(handle, path);
797 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
802 static int smb_full_audit_closedir(vfs_handle_struct *handle,
807 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
809 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
814 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
817 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
819 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
822 static int smb_full_audit_open(vfs_handle_struct *handle,
823 struct smb_filename *smb_fname,
824 files_struct *fsp, int flags, mode_t mode)
828 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
830 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
831 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
832 smb_fname_str_do_log(smb_fname));
837 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
838 struct smb_request *req,
839 uint16_t root_dir_fid,
840 struct smb_filename *smb_fname,
841 uint32_t access_mask,
842 uint32_t share_access,
843 uint32_t create_disposition,
844 uint32_t create_options,
845 uint32_t file_attributes,
846 uint32_t oplock_request,
847 uint64_t allocation_size,
848 uint32_t private_flags,
849 struct security_descriptor *sd,
850 struct ea_list *ea_list,
851 files_struct **result_fsp,
855 const char* str_create_disposition;
857 switch (create_disposition) {
859 str_create_disposition = "supersede";
861 case FILE_OVERWRITE_IF:
862 str_create_disposition = "overwrite_if";
865 str_create_disposition = "open";
868 str_create_disposition = "overwrite";
871 str_create_disposition = "create";
874 str_create_disposition = "open_if";
877 str_create_disposition = "unknown";
880 result = SMB_VFS_NEXT_CREATE_FILE(
883 root_dir_fid, /* root_dir_fid */
884 smb_fname, /* fname */
885 access_mask, /* access_mask */
886 share_access, /* share_access */
887 create_disposition, /* create_disposition*/
888 create_options, /* create_options */
889 file_attributes, /* file_attributes */
890 oplock_request, /* oplock_request */
891 allocation_size, /* allocation_size */
894 ea_list, /* ea_list */
895 result_fsp, /* result */
898 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
899 "0x%x|%s|%s|%s", access_mask,
900 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
901 str_create_disposition, smb_fname_str_do_log(smb_fname));
906 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
910 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
912 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
913 fsp_str_do_log(fsp));
918 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
919 void *data, size_t n)
923 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
925 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
926 fsp_str_do_log(fsp));
931 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
932 void *data, size_t n, off_t offset)
936 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
938 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
939 fsp_str_do_log(fsp));
944 struct smb_full_audit_pread_state {
945 vfs_handle_struct *handle;
951 static void smb_full_audit_pread_done(struct tevent_req *subreq);
953 static struct tevent_req *smb_full_audit_pread_send(
954 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
955 struct tevent_context *ev, struct files_struct *fsp,
956 void *data, size_t n, off_t offset)
958 struct tevent_req *req, *subreq;
959 struct smb_full_audit_pread_state *state;
961 req = tevent_req_create(mem_ctx, &state,
962 struct smb_full_audit_pread_state);
964 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
965 fsp_str_do_log(fsp));
968 state->handle = handle;
971 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
973 if (tevent_req_nomem(subreq, req)) {
974 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
975 fsp_str_do_log(fsp));
976 return tevent_req_post(req, ev);
978 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
980 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
984 static void smb_full_audit_pread_done(struct tevent_req *subreq)
986 struct tevent_req *req = tevent_req_callback_data(
987 subreq, struct tevent_req);
988 struct smb_full_audit_pread_state *state = tevent_req_data(
989 req, struct smb_full_audit_pread_state);
991 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->err);
993 tevent_req_done(req);
996 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req, int *err)
998 struct smb_full_audit_pread_state *state = tevent_req_data(
999 req, struct smb_full_audit_pread_state);
1001 if (tevent_req_is_unix_error(req, err)) {
1002 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
1003 fsp_str_do_log(state->fsp));
1007 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
1008 fsp_str_do_log(state->fsp));
1014 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1015 const void *data, size_t n)
1019 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1021 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
1022 fsp_str_do_log(fsp));
1027 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1028 const void *data, size_t n,
1033 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1035 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1036 fsp_str_do_log(fsp));
1041 struct smb_full_audit_pwrite_state {
1042 vfs_handle_struct *handle;
1048 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1050 static struct tevent_req *smb_full_audit_pwrite_send(
1051 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1052 struct tevent_context *ev, struct files_struct *fsp,
1053 const void *data, size_t n, off_t offset)
1055 struct tevent_req *req, *subreq;
1056 struct smb_full_audit_pwrite_state *state;
1058 req = tevent_req_create(mem_ctx, &state,
1059 struct smb_full_audit_pwrite_state);
1061 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1062 fsp_str_do_log(fsp));
1065 state->handle = handle;
1068 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1070 if (tevent_req_nomem(subreq, req)) {
1071 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1072 fsp_str_do_log(fsp));
1073 return tevent_req_post(req, ev);
1075 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1077 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1078 fsp_str_do_log(fsp));
1082 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1084 struct tevent_req *req = tevent_req_callback_data(
1085 subreq, struct tevent_req);
1086 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1087 req, struct smb_full_audit_pwrite_state);
1089 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->err);
1090 TALLOC_FREE(subreq);
1091 tevent_req_done(req);
1094 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req, int *err)
1096 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1097 req, struct smb_full_audit_pwrite_state);
1099 if (tevent_req_is_unix_error(req, err)) {
1100 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1101 fsp_str_do_log(state->fsp));
1105 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1106 fsp_str_do_log(state->fsp));
1112 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1113 off_t offset, int whence)
1117 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1119 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1120 "%s", fsp_str_do_log(fsp));
1125 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1126 files_struct *fromfsp,
1127 const DATA_BLOB *hdr, off_t offset,
1132 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1134 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1135 "%s", fsp_str_do_log(fromfsp));
1140 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1141 files_struct *tofsp,
1147 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1149 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1150 "%s", fsp_str_do_log(tofsp));
1155 static int smb_full_audit_rename(vfs_handle_struct *handle,
1156 const struct smb_filename *smb_fname_src,
1157 const struct smb_filename *smb_fname_dst)
1161 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1163 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1164 smb_fname_str_do_log(smb_fname_src),
1165 smb_fname_str_do_log(smb_fname_dst));
1170 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1174 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1176 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1177 fsp_str_do_log(fsp));
1182 struct smb_full_audit_fsync_state {
1183 vfs_handle_struct *handle;
1189 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1191 static struct tevent_req *smb_full_audit_fsync_send(
1192 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1193 struct tevent_context *ev, struct files_struct *fsp)
1195 struct tevent_req *req, *subreq;
1196 struct smb_full_audit_fsync_state *state;
1198 req = tevent_req_create(mem_ctx, &state,
1199 struct smb_full_audit_fsync_state);
1201 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1202 fsp_str_do_log(fsp));
1205 state->handle = handle;
1208 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1209 if (tevent_req_nomem(subreq, req)) {
1210 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1211 fsp_str_do_log(fsp));
1212 return tevent_req_post(req, ev);
1214 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1216 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1220 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1222 struct tevent_req *req = tevent_req_callback_data(
1223 subreq, struct tevent_req);
1224 struct smb_full_audit_fsync_state *state = tevent_req_data(
1225 req, struct smb_full_audit_fsync_state);
1227 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->err);
1228 TALLOC_FREE(subreq);
1229 tevent_req_done(req);
1232 static int smb_full_audit_fsync_recv(struct tevent_req *req, int *err)
1234 struct smb_full_audit_fsync_state *state = tevent_req_data(
1235 req, struct smb_full_audit_fsync_state);
1237 if (tevent_req_is_unix_error(req, err)) {
1238 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1239 fsp_str_do_log(state->fsp));
1243 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1244 fsp_str_do_log(state->fsp));
1250 static int smb_full_audit_stat(vfs_handle_struct *handle,
1251 struct smb_filename *smb_fname)
1255 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1257 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1258 smb_fname_str_do_log(smb_fname));
1263 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1264 SMB_STRUCT_STAT *sbuf)
1268 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1270 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1271 fsp_str_do_log(fsp));
1276 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1277 struct smb_filename *smb_fname)
1281 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1283 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1284 smb_fname_str_do_log(smb_fname));
1289 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1290 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1294 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1296 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1302 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1303 const struct smb_filename *smb_fname)
1307 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1309 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1310 smb_fname_str_do_log(smb_fname));
1315 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1316 const char *path, mode_t mode)
1320 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1322 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1327 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1332 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1334 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1335 "%s|%o", fsp_str_do_log(fsp), mode);
1340 static int smb_full_audit_chown(vfs_handle_struct *handle,
1341 const char *path, uid_t uid, gid_t gid)
1345 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1347 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1348 path, (long int)uid, (long int)gid);
1353 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1354 uid_t uid, gid_t gid)
1358 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1360 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1361 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1366 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1367 const char *path, uid_t uid, gid_t gid)
1371 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1373 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1374 path, (long int)uid, (long int)gid);
1379 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1384 result = SMB_VFS_NEXT_CHDIR(handle, path);
1386 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1391 static char *smb_full_audit_getwd(vfs_handle_struct *handle)
1395 result = SMB_VFS_NEXT_GETWD(handle);
1397 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1398 result == NULL? "" : result);
1403 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1404 const struct smb_filename *smb_fname,
1405 struct smb_file_time *ft)
1409 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1411 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1412 smb_fname_str_do_log(smb_fname));
1417 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1422 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1424 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1425 "%s", fsp_str_do_log(fsp));
1430 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1431 enum vfs_fallocate_mode mode,
1437 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1439 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1440 "%s", fsp_str_do_log(fsp));
1445 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1446 int op, off_t offset, off_t count, int type)
1450 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1452 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1457 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1458 struct files_struct *fsp,
1459 uint32 share_mode, uint32 access_mask)
1463 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1465 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1466 fsp_str_do_log(fsp));
1471 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1476 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1478 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1479 fsp_str_do_log(fsp));
1484 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1485 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1489 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1491 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1496 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1497 const char *oldpath, const char *newpath)
1501 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1503 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1504 "%s|%s", oldpath, newpath);
1509 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1510 const char *path, char *buf, size_t bufsiz)
1514 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1516 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1521 static int smb_full_audit_link(vfs_handle_struct *handle,
1522 const char *oldpath, const char *newpath)
1526 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1528 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1529 "%s|%s", oldpath, newpath);
1534 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1535 const char *pathname, mode_t mode, SMB_DEV_T dev)
1539 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1541 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1546 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1551 result = SMB_VFS_NEXT_REALPATH(handle, path);
1553 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1558 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1559 struct sys_notify_context *ctx,
1562 uint32_t *subdir_filter,
1563 void (*callback)(struct sys_notify_context *ctx,
1565 struct notify_event *ev),
1566 void *private_data, void *handle_p)
1570 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, path,
1571 filter, subdir_filter, callback,
1572 private_data, handle_p);
1574 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1579 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1580 const char *path, unsigned int flags)
1584 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1586 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1591 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1592 const SMB_STRUCT_STAT *sbuf)
1594 struct file_id id_zero;
1595 struct file_id result;
1597 ZERO_STRUCT(id_zero);
1599 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1601 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1602 !file_id_equal(&id_zero, &result),
1603 handle, "%s", file_id_string_tos(&result));
1608 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1609 struct files_struct *fsp,
1611 TALLOC_CTX *mem_ctx,
1612 unsigned int *pnum_streams,
1613 struct stream_struct **pstreams)
1617 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1618 pnum_streams, pstreams);
1620 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1626 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1629 TALLOC_CTX *mem_ctx,
1634 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1637 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1638 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1643 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1648 result = SMB_VFS_NEXT_CONNECTPATH(handle, fname);
1650 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1656 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1657 struct byte_range_lock *br_lck,
1658 struct lock_struct *plock,
1663 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1666 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1667 "%s:%llu-%llu. type=%d. blocking=%d",
1668 fsp_str_do_log(brl_fsp(br_lck)),
1669 plock->start, plock->size, plock->lock_type, blocking_lock);
1674 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1675 struct messaging_context *msg_ctx,
1676 struct byte_range_lock *br_lck,
1677 const struct lock_struct *plock)
1681 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1684 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1685 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1687 plock->size, plock->lock_type);
1692 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1693 struct byte_range_lock *br_lck,
1694 struct lock_struct *plock)
1698 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock);
1700 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1701 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1703 plock->size, plock->lock_type);
1708 static bool smb_full_audit_strict_lock(struct vfs_handle_struct *handle,
1709 struct files_struct *fsp,
1710 struct lock_struct *plock)
1714 result = SMB_VFS_NEXT_STRICT_LOCK(handle, fsp, plock);
1716 do_log(SMB_VFS_OP_STRICT_LOCK, result, handle,
1717 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1718 plock->size, plock->lock_type);
1723 static void smb_full_audit_strict_unlock(struct vfs_handle_struct *handle,
1724 struct files_struct *fsp,
1725 struct lock_struct *plock)
1727 SMB_VFS_NEXT_STRICT_UNLOCK(handle, fsp, plock);
1729 do_log(SMB_VFS_OP_STRICT_UNLOCK, true, handle,
1730 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1731 plock->size, plock->lock_type);
1734 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
1736 enum vfs_translate_direction direction,
1737 TALLOC_CTX *mem_ctx,
1742 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
1745 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
1750 static struct tevent_req *smb_full_audit_copy_chunk_send(struct vfs_handle_struct *handle,
1751 TALLOC_CTX *mem_ctx,
1752 struct tevent_context *ev,
1753 struct files_struct *src_fsp,
1755 struct files_struct *dest_fsp,
1759 struct tevent_req *req;
1761 req = SMB_VFS_NEXT_COPY_CHUNK_SEND(handle, mem_ctx, ev, src_fsp,
1762 src_off, dest_fsp, dest_off, num);
1764 do_log(SMB_VFS_OP_COPY_CHUNK_SEND, req, handle, "");
1769 static NTSTATUS smb_full_audit_copy_chunk_recv(struct vfs_handle_struct *handle,
1770 struct tevent_req *req,
1775 result = SMB_VFS_NEXT_COPY_CHUNK_RECV(handle, req, copied);
1777 do_log(SMB_VFS_OP_COPY_CHUNK_RECV, NT_STATUS_IS_OK(result), handle, "");
1782 static NTSTATUS smb_full_audit_get_compression(vfs_handle_struct *handle,
1783 TALLOC_CTX *mem_ctx,
1784 struct files_struct *fsp,
1785 struct smb_filename *smb_fname,
1786 uint16_t *_compression_fmt)
1790 result = SMB_VFS_NEXT_GET_COMPRESSION(handle, mem_ctx, fsp, smb_fname,
1793 do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
1795 (fsp ? fsp_str_do_log(fsp) : smb_fname_str_do_log(smb_fname)));
1800 static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle,
1801 TALLOC_CTX *mem_ctx,
1802 struct files_struct *fsp,
1803 uint16_t compression_fmt)
1807 result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
1810 do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
1811 "%s", fsp_str_do_log(fsp));
1816 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1817 uint32 security_info,
1818 TALLOC_CTX *mem_ctx,
1819 struct security_descriptor **ppdesc)
1823 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
1826 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1827 "%s", fsp_str_do_log(fsp));
1832 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1834 uint32 security_info,
1835 TALLOC_CTX *mem_ctx,
1836 struct security_descriptor **ppdesc)
1840 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
1843 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1849 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1850 uint32 security_info_sent,
1851 const struct security_descriptor *psd)
1855 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1857 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s",
1858 fsp_str_do_log(fsp));
1863 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1864 const char *path, mode_t mode)
1868 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1870 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1871 "%s|%o", path, mode);
1876 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1881 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1883 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1884 "%s|%o", fsp_str_do_log(fsp), mode);
1889 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1891 SMB_ACL_TYPE_T type,
1892 TALLOC_CTX *mem_ctx)
1896 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type, mem_ctx);
1898 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1904 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1905 files_struct *fsp, TALLOC_CTX *mem_ctx)
1909 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
1911 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1912 "%s", fsp_str_do_log(fsp));
1917 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
1919 TALLOC_CTX *mem_ctx,
1920 char **blob_description,
1925 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, mem_ctx, blob_description, blob);
1927 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
1933 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1935 TALLOC_CTX *mem_ctx,
1936 char **blob_description,
1941 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
1943 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
1944 "%s", fsp_str_do_log(fsp));
1949 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1951 const char *name, SMB_ACL_TYPE_T acltype,
1956 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1959 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1965 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1970 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1972 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1973 "%s", fsp_str_do_log(fsp));
1978 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1984 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1986 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1992 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1994 const char *name, void *value, size_t size)
1998 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
2000 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
2001 "%s|%s", path, name);
2006 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2007 struct files_struct *fsp,
2008 const char *name, void *value, size_t size)
2012 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2014 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2015 "%s|%s", fsp_str_do_log(fsp), name);
2020 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2021 const char *path, char *list, size_t size)
2025 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
2027 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
2032 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2033 struct files_struct *fsp, char *list,
2038 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2040 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2041 "%s", fsp_str_do_log(fsp));
2046 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2052 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2054 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2055 "%s|%s", path, name);
2060 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2061 struct files_struct *fsp,
2066 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2068 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2069 "%s|%s", fsp_str_do_log(fsp), name);
2074 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2076 const char *name, const void *value, size_t size,
2081 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2084 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2085 "%s|%s", path, name);
2090 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2091 struct files_struct *fsp, const char *name,
2092 const void *value, size_t size, int flags)
2096 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2098 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2099 "%s|%s", fsp_str_do_log(fsp), name);
2104 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2105 struct files_struct *fsp)
2109 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2110 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2111 "%s", fsp_str_do_log(fsp));
2116 static bool smb_full_audit_is_offline(struct vfs_handle_struct *handle,
2117 const struct smb_filename *fname,
2118 SMB_STRUCT_STAT *sbuf)
2122 result = SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
2123 do_log(SMB_VFS_OP_IS_OFFLINE, result, handle, "%s",
2124 smb_fname_str_do_log(fname));
2128 static int smb_full_audit_set_offline(struct vfs_handle_struct *handle,
2129 const struct smb_filename *fname)
2133 result = SMB_VFS_NEXT_SET_OFFLINE(handle, fname);
2134 do_log(SMB_VFS_OP_SET_OFFLINE, result >= 0, handle, "%s",
2135 smb_fname_str_do_log(fname));
2139 static struct vfs_fn_pointers vfs_full_audit_fns = {
2141 /* Disk operations */
2143 .connect_fn = smb_full_audit_connect,
2144 .disconnect_fn = smb_full_audit_disconnect,
2145 .disk_free_fn = smb_full_audit_disk_free,
2146 .get_quota_fn = smb_full_audit_get_quota,
2147 .set_quota_fn = smb_full_audit_set_quota,
2148 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2149 .statvfs_fn = smb_full_audit_statvfs,
2150 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2151 .opendir_fn = smb_full_audit_opendir,
2152 .fdopendir_fn = smb_full_audit_fdopendir,
2153 .readdir_fn = smb_full_audit_readdir,
2154 .seekdir_fn = smb_full_audit_seekdir,
2155 .telldir_fn = smb_full_audit_telldir,
2156 .rewind_dir_fn = smb_full_audit_rewinddir,
2157 .mkdir_fn = smb_full_audit_mkdir,
2158 .rmdir_fn = smb_full_audit_rmdir,
2159 .closedir_fn = smb_full_audit_closedir,
2160 .init_search_op_fn = smb_full_audit_init_search_op,
2161 .open_fn = smb_full_audit_open,
2162 .create_file_fn = smb_full_audit_create_file,
2163 .close_fn = smb_full_audit_close,
2164 .read_fn = smb_full_audit_read,
2165 .pread_fn = smb_full_audit_pread,
2166 .pread_send_fn = smb_full_audit_pread_send,
2167 .pread_recv_fn = smb_full_audit_pread_recv,
2168 .write_fn = smb_full_audit_write,
2169 .pwrite_fn = smb_full_audit_pwrite,
2170 .pwrite_send_fn = smb_full_audit_pwrite_send,
2171 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2172 .lseek_fn = smb_full_audit_lseek,
2173 .sendfile_fn = smb_full_audit_sendfile,
2174 .recvfile_fn = smb_full_audit_recvfile,
2175 .rename_fn = smb_full_audit_rename,
2176 .fsync_fn = smb_full_audit_fsync,
2177 .fsync_send_fn = smb_full_audit_fsync_send,
2178 .fsync_recv_fn = smb_full_audit_fsync_recv,
2179 .stat_fn = smb_full_audit_stat,
2180 .fstat_fn = smb_full_audit_fstat,
2181 .lstat_fn = smb_full_audit_lstat,
2182 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2183 .unlink_fn = smb_full_audit_unlink,
2184 .chmod_fn = smb_full_audit_chmod,
2185 .fchmod_fn = smb_full_audit_fchmod,
2186 .chown_fn = smb_full_audit_chown,
2187 .fchown_fn = smb_full_audit_fchown,
2188 .lchown_fn = smb_full_audit_lchown,
2189 .chdir_fn = smb_full_audit_chdir,
2190 .getwd_fn = smb_full_audit_getwd,
2191 .ntimes_fn = smb_full_audit_ntimes,
2192 .ftruncate_fn = smb_full_audit_ftruncate,
2193 .fallocate_fn = smb_full_audit_fallocate,
2194 .lock_fn = smb_full_audit_lock,
2195 .kernel_flock_fn = smb_full_audit_kernel_flock,
2196 .linux_setlease_fn = smb_full_audit_linux_setlease,
2197 .getlock_fn = smb_full_audit_getlock,
2198 .symlink_fn = smb_full_audit_symlink,
2199 .readlink_fn = smb_full_audit_readlink,
2200 .link_fn = smb_full_audit_link,
2201 .mknod_fn = smb_full_audit_mknod,
2202 .realpath_fn = smb_full_audit_realpath,
2203 .notify_watch_fn = smb_full_audit_notify_watch,
2204 .chflags_fn = smb_full_audit_chflags,
2205 .file_id_create_fn = smb_full_audit_file_id_create,
2206 .streaminfo_fn = smb_full_audit_streaminfo,
2207 .get_real_filename_fn = smb_full_audit_get_real_filename,
2208 .connectpath_fn = smb_full_audit_connectpath,
2209 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2210 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2211 .brl_cancel_windows_fn = smb_full_audit_brl_cancel_windows,
2212 .strict_lock_fn = smb_full_audit_strict_lock,
2213 .strict_unlock_fn = smb_full_audit_strict_unlock,
2214 .translate_name_fn = smb_full_audit_translate_name,
2215 .copy_chunk_send_fn = smb_full_audit_copy_chunk_send,
2216 .copy_chunk_recv_fn = smb_full_audit_copy_chunk_recv,
2217 .get_compression_fn = smb_full_audit_get_compression,
2218 .set_compression_fn = smb_full_audit_set_compression,
2219 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2220 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
2221 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2222 .chmod_acl_fn = smb_full_audit_chmod_acl,
2223 .fchmod_acl_fn = smb_full_audit_fchmod_acl,
2224 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
2225 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2226 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
2227 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
2228 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
2229 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2230 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
2231 .getxattr_fn = smb_full_audit_getxattr,
2232 .fgetxattr_fn = smb_full_audit_fgetxattr,
2233 .listxattr_fn = smb_full_audit_listxattr,
2234 .flistxattr_fn = smb_full_audit_flistxattr,
2235 .removexattr_fn = smb_full_audit_removexattr,
2236 .fremovexattr_fn = smb_full_audit_fremovexattr,
2237 .setxattr_fn = smb_full_audit_setxattr,
2238 .fsetxattr_fn = smb_full_audit_fsetxattr,
2239 .aio_force_fn = smb_full_audit_aio_force,
2240 .is_offline_fn = smb_full_audit_is_offline,
2241 .set_offline_fn = smb_full_audit_set_offline,
2244 NTSTATUS vfs_full_audit_init(void)
2246 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2247 "full_audit", &vfs_full_audit_fns);
2249 if (!NT_STATUS_IS_OK(ret))
2252 vfs_full_audit_debug_level = debug_add_class("full_audit");
2253 if (vfs_full_audit_debug_level == -1) {
2254 vfs_full_audit_debug_level = DBGC_VFS;
2255 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2258 DEBUG(10, ("vfs_full_audit: Debug class number of "
2259 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / sfrench / samba-autobuild / .git / blob