2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
61 #include "system/filesys.h"
62 #include "system/syslog.h"
63 #include "smbd/smbd.h"
64 #include "../librpc/gen_ndr/ndr_netlogon.h"
67 #include "lib/param/loadparm.h"
68 #include "lib/util/bitmap.h"
69 #include "lib/util/tevent_unix.h"
71 static int vfs_full_audit_debug_level = DBGC_VFS;
73 struct vfs_full_audit_private_data {
74 struct bitmap *success_ops;
75 struct bitmap *failure_ops;
79 #define DBGC_CLASS vfs_full_audit_debug_level
81 typedef enum _vfs_op_type {
86 SMB_VFS_OP_CONNECT = 0,
87 SMB_VFS_OP_DISCONNECT,
91 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
93 SMB_VFS_OP_FS_CAPABILITIES,
95 /* Directory operations */
102 SMB_VFS_OP_REWINDDIR,
106 SMB_VFS_OP_INIT_SEARCH_OP,
108 /* File operations */
111 SMB_VFS_OP_CREATE_FILE,
115 SMB_VFS_OP_PREAD_SEND,
116 SMB_VFS_OP_PREAD_RECV,
119 SMB_VFS_OP_PWRITE_SEND,
120 SMB_VFS_OP_PWRITE_RECV,
126 SMB_VFS_OP_FSYNC_SEND,
127 SMB_VFS_OP_FSYNC_RECV,
131 SMB_VFS_OP_GET_ALLOC_SIZE,
141 SMB_VFS_OP_FTRUNCATE,
142 SMB_VFS_OP_FALLOCATE,
144 SMB_VFS_OP_KERNEL_FLOCK,
145 SMB_VFS_OP_LINUX_SETLEASE,
152 SMB_VFS_OP_NOTIFY_WATCH,
154 SMB_VFS_OP_FILE_ID_CREATE,
155 SMB_VFS_OP_STREAMINFO,
156 SMB_VFS_OP_GET_REAL_FILENAME,
157 SMB_VFS_OP_CONNECTPATH,
158 SMB_VFS_OP_BRL_LOCK_WINDOWS,
159 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
160 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
161 SMB_VFS_OP_STRICT_LOCK,
162 SMB_VFS_OP_STRICT_UNLOCK,
163 SMB_VFS_OP_TRANSLATE_NAME,
164 SMB_VFS_OP_COPY_CHUNK_SEND,
165 SMB_VFS_OP_COPY_CHUNK_RECV,
167 /* NT ACL operations. */
169 SMB_VFS_OP_FGET_NT_ACL,
170 SMB_VFS_OP_GET_NT_ACL,
171 SMB_VFS_OP_FSET_NT_ACL,
173 /* POSIX ACL operations. */
175 SMB_VFS_OP_CHMOD_ACL,
176 SMB_VFS_OP_FCHMOD_ACL,
178 SMB_VFS_OP_SYS_ACL_GET_FILE,
179 SMB_VFS_OP_SYS_ACL_GET_FD,
180 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
181 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
182 SMB_VFS_OP_SYS_ACL_SET_FILE,
183 SMB_VFS_OP_SYS_ACL_SET_FD,
184 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
188 SMB_VFS_OP_FGETXATTR,
189 SMB_VFS_OP_LISTXATTR,
190 SMB_VFS_OP_FLISTXATTR,
191 SMB_VFS_OP_REMOVEXATTR,
192 SMB_VFS_OP_FREMOVEXATTR,
194 SMB_VFS_OP_FSETXATTR,
197 SMB_VFS_OP_AIO_FORCE,
199 /* offline operations */
200 SMB_VFS_OP_IS_OFFLINE,
201 SMB_VFS_OP_SET_OFFLINE,
203 /* This should always be last enum value */
208 /* The following array *must* be in the same order as defined in vfs_op_type */
214 { SMB_VFS_OP_CONNECT, "connect" },
215 { SMB_VFS_OP_DISCONNECT, "disconnect" },
216 { SMB_VFS_OP_DISK_FREE, "disk_free" },
217 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
218 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
219 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
220 { SMB_VFS_OP_STATVFS, "statvfs" },
221 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
222 { SMB_VFS_OP_OPENDIR, "opendir" },
223 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
224 { SMB_VFS_OP_READDIR, "readdir" },
225 { SMB_VFS_OP_SEEKDIR, "seekdir" },
226 { SMB_VFS_OP_TELLDIR, "telldir" },
227 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
228 { SMB_VFS_OP_MKDIR, "mkdir" },
229 { SMB_VFS_OP_RMDIR, "rmdir" },
230 { SMB_VFS_OP_CLOSEDIR, "closedir" },
231 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
232 { SMB_VFS_OP_OPEN, "open" },
233 { SMB_VFS_OP_CREATE_FILE, "create_file" },
234 { SMB_VFS_OP_CLOSE, "close" },
235 { SMB_VFS_OP_READ, "read" },
236 { SMB_VFS_OP_PREAD, "pread" },
237 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
238 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
239 { SMB_VFS_OP_WRITE, "write" },
240 { SMB_VFS_OP_PWRITE, "pwrite" },
241 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
242 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
243 { SMB_VFS_OP_LSEEK, "lseek" },
244 { SMB_VFS_OP_SENDFILE, "sendfile" },
245 { SMB_VFS_OP_RECVFILE, "recvfile" },
246 { SMB_VFS_OP_RENAME, "rename" },
247 { SMB_VFS_OP_FSYNC, "fsync" },
248 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
249 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
250 { SMB_VFS_OP_STAT, "stat" },
251 { SMB_VFS_OP_FSTAT, "fstat" },
252 { SMB_VFS_OP_LSTAT, "lstat" },
253 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
254 { SMB_VFS_OP_UNLINK, "unlink" },
255 { SMB_VFS_OP_CHMOD, "chmod" },
256 { SMB_VFS_OP_FCHMOD, "fchmod" },
257 { SMB_VFS_OP_CHOWN, "chown" },
258 { SMB_VFS_OP_FCHOWN, "fchown" },
259 { SMB_VFS_OP_LCHOWN, "lchown" },
260 { SMB_VFS_OP_CHDIR, "chdir" },
261 { SMB_VFS_OP_GETWD, "getwd" },
262 { SMB_VFS_OP_NTIMES, "ntimes" },
263 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
264 { SMB_VFS_OP_FALLOCATE,"fallocate" },
265 { SMB_VFS_OP_LOCK, "lock" },
266 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
267 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
268 { SMB_VFS_OP_GETLOCK, "getlock" },
269 { SMB_VFS_OP_SYMLINK, "symlink" },
270 { SMB_VFS_OP_READLINK, "readlink" },
271 { SMB_VFS_OP_LINK, "link" },
272 { SMB_VFS_OP_MKNOD, "mknod" },
273 { SMB_VFS_OP_REALPATH, "realpath" },
274 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
275 { SMB_VFS_OP_CHFLAGS, "chflags" },
276 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
277 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
278 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
279 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
280 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
281 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
282 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
283 { SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
284 { SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
285 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
286 { SMB_VFS_OP_COPY_CHUNK_SEND, "copy_chunk_send" },
287 { SMB_VFS_OP_COPY_CHUNK_RECV, "copy_chunk_recv" },
288 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
289 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
290 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
291 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
292 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
293 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
294 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
295 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
296 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
297 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
298 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
299 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
300 { SMB_VFS_OP_GETXATTR, "getxattr" },
301 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
302 { SMB_VFS_OP_LISTXATTR, "listxattr" },
303 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
304 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
305 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
306 { SMB_VFS_OP_SETXATTR, "setxattr" },
307 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
308 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
309 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
310 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
311 { SMB_VFS_OP_LAST, NULL }
314 static int audit_syslog_facility(vfs_handle_struct *handle)
316 static const struct enum_list enum_log_facilities[] = {
317 { LOG_USER, "USER" },
318 { LOG_LOCAL0, "LOCAL0" },
319 { LOG_LOCAL1, "LOCAL1" },
320 { LOG_LOCAL2, "LOCAL2" },
321 { LOG_LOCAL3, "LOCAL3" },
322 { LOG_LOCAL4, "LOCAL4" },
323 { LOG_LOCAL5, "LOCAL5" },
324 { LOG_LOCAL6, "LOCAL6" },
325 { LOG_LOCAL7, "LOCAL7" },
331 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
336 static int audit_syslog_priority(vfs_handle_struct *handle)
338 static const struct enum_list enum_log_priorities[] = {
339 { LOG_EMERG, "EMERG" },
340 { LOG_ALERT, "ALERT" },
341 { LOG_CRIT, "CRIT" },
343 { LOG_WARNING, "WARNING" },
344 { LOG_NOTICE, "NOTICE" },
345 { LOG_INFO, "INFO" },
346 { LOG_DEBUG, "DEBUG" },
352 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
353 enum_log_priorities, LOG_NOTICE);
354 if (priority == -1) {
355 priority = LOG_WARNING;
361 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
366 prefix = talloc_strdup(ctx,
367 lp_parm_const_string(SNUM(conn), "full_audit",
372 result = talloc_sub_advanced(ctx,
373 lp_servicename(talloc_tos(), SNUM(conn)),
374 conn->session_info->unix_info->unix_name,
376 conn->session_info->unix_token->gid,
377 conn->session_info->unix_info->sanitized_username,
378 conn->session_info->info->domain_name,
384 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
386 struct vfs_full_audit_private_data *pd = NULL;
388 SMB_VFS_HANDLE_GET_DATA(handle, pd,
389 struct vfs_full_audit_private_data,
392 if (pd->success_ops == NULL) {
396 return bitmap_query(pd->success_ops, op);
399 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
401 struct vfs_full_audit_private_data *pd = NULL;
403 SMB_VFS_HANDLE_GET_DATA(handle, pd,
404 struct vfs_full_audit_private_data,
407 if (pd->failure_ops == NULL)
410 return bitmap_query(pd->failure_ops, op);
413 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
421 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
423 DEBUG(0, ("Could not alloc bitmap -- "
424 "defaulting to logging everything\n"));
428 for (; *ops != NULL; ops += 1) {
433 if (strequal(*ops, "all")) {
434 for (i=0; i<SMB_VFS_OP_LAST; i++) {
440 if (strequal(*ops, "none")) {
450 for (i=0; i<SMB_VFS_OP_LAST; i++) {
451 if ((vfs_op_names[i].name == NULL)
452 || (vfs_op_names[i].type != i)) {
453 smb_panic("vfs_full_audit.c: name table not "
454 "in sync with vfs_op_type enums\n");
456 if (strequal(op, vfs_op_names[i].name)) {
465 if (i == SMB_VFS_OP_LAST) {
466 DEBUG(0, ("Could not find opname %s, logging all\n",
475 static const char *audit_opname(vfs_op_type op)
477 if (op >= SMB_VFS_OP_LAST)
478 return "INVALID VFS OP";
479 return vfs_op_names[op].name;
482 static TALLOC_CTX *tmp_do_log_ctx;
484 * Get us a temporary talloc context usable just for DEBUG arguments
486 static TALLOC_CTX *do_log_ctx(void)
488 if (tmp_do_log_ctx == NULL) {
489 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
491 return tmp_do_log_ctx;
494 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
495 const char *format, ...)
498 char *audit_pre = NULL;
503 if (success && (!log_success(handle, op)))
506 if (!success && (!log_failure(handle, op)))
510 fstrcpy(err_msg, "ok");
512 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
514 va_start(ap, format);
515 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
523 * Specify the facility to interoperate with other syslog callers
524 * (smbd for example).
526 priority = audit_syslog_priority(handle) |
527 audit_syslog_facility(handle);
529 audit_pre = audit_prefix(talloc_tos(), handle->conn);
530 syslog(priority, "%s|%s|%s|%s\n",
531 audit_pre ? audit_pre : "",
532 audit_opname(op), err_msg, op_msg);
535 TALLOC_FREE(audit_pre);
537 TALLOC_FREE(tmp_do_log_ctx);
541 * Return a string using the do_log_ctx()
543 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
548 if (smb_fname == NULL) {
551 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
552 if (!NT_STATUS_IS_OK(status)) {
559 * Return an fsp debug string using the do_log_ctx()
561 static const char *fsp_str_do_log(const struct files_struct *fsp)
563 return smb_fname_str_do_log(fsp->fsp_name);
566 /* Implementation of vfs_ops. Pass everything on to the default
567 operation but log event first. */
569 static int smb_full_audit_connect(vfs_handle_struct *handle,
570 const char *svc, const char *user)
573 struct vfs_full_audit_private_data *pd = NULL;
575 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
580 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
582 SMB_VFS_NEXT_DISCONNECT(handle);
587 openlog("smbd_audit", 0, audit_syslog_facility(handle));
590 pd->success_ops = init_bitmap(
591 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
593 pd->failure_ops = init_bitmap(
594 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
597 /* Store the private data. */
598 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
599 struct vfs_full_audit_private_data, return -1);
601 do_log(SMB_VFS_OP_CONNECT, True, handle,
607 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
609 SMB_VFS_NEXT_DISCONNECT(handle);
611 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
612 "%s", lp_servicename(talloc_tos(), SNUM(handle->conn)));
614 /* The bitmaps will be disconnected when the private
618 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
620 bool small_query, uint64_t *bsize,
621 uint64_t *dfree, uint64_t *dsize)
625 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
628 /* Don't have a reasonable notion of failure here */
630 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
635 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
636 enum SMB_QUOTA_TYPE qtype, unid_t id,
641 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
643 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
649 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
650 enum SMB_QUOTA_TYPE qtype, unid_t id,
655 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
657 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
662 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
663 struct files_struct *fsp,
664 struct shadow_copy_data *shadow_copy_data,
669 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
671 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
676 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
678 struct vfs_statvfs_struct *statbuf)
682 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
684 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
689 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
693 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
695 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
700 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
701 const char *fname, const char *mask, uint32 attr)
705 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
707 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
712 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
713 files_struct *fsp, const char *mask, uint32 attr)
717 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
719 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
720 fsp_str_do_log(fsp));
725 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
726 DIR *dirp, SMB_STRUCT_STAT *sbuf)
728 struct dirent *result;
730 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
732 /* This operation has no reasonable error condition
733 * (End of dir is also failure), so always succeed.
735 do_log(SMB_VFS_OP_READDIR, True, handle, "");
740 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
741 DIR *dirp, long offset)
743 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
745 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
748 static long smb_full_audit_telldir(vfs_handle_struct *handle,
753 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
755 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
760 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
763 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
765 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
768 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
769 const char *path, mode_t mode)
773 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
775 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
780 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
785 result = SMB_VFS_NEXT_RMDIR(handle, path);
787 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
792 static int smb_full_audit_closedir(vfs_handle_struct *handle,
797 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
799 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
804 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
807 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
809 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
812 static int smb_full_audit_open(vfs_handle_struct *handle,
813 struct smb_filename *smb_fname,
814 files_struct *fsp, int flags, mode_t mode)
818 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
820 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
821 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
822 smb_fname_str_do_log(smb_fname));
827 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
828 struct smb_request *req,
829 uint16_t root_dir_fid,
830 struct smb_filename *smb_fname,
831 uint32_t access_mask,
832 uint32_t share_access,
833 uint32_t create_disposition,
834 uint32_t create_options,
835 uint32_t file_attributes,
836 uint32_t oplock_request,
837 uint64_t allocation_size,
838 uint32_t private_flags,
839 struct security_descriptor *sd,
840 struct ea_list *ea_list,
841 files_struct **result_fsp,
845 const char* str_create_disposition;
847 switch (create_disposition) {
849 str_create_disposition = "supersede";
851 case FILE_OVERWRITE_IF:
852 str_create_disposition = "overwrite_if";
855 str_create_disposition = "open";
858 str_create_disposition = "overwrite";
861 str_create_disposition = "create";
864 str_create_disposition = "open_if";
867 str_create_disposition = "unknown";
870 result = SMB_VFS_NEXT_CREATE_FILE(
873 root_dir_fid, /* root_dir_fid */
874 smb_fname, /* fname */
875 access_mask, /* access_mask */
876 share_access, /* share_access */
877 create_disposition, /* create_disposition*/
878 create_options, /* create_options */
879 file_attributes, /* file_attributes */
880 oplock_request, /* oplock_request */
881 allocation_size, /* allocation_size */
884 ea_list, /* ea_list */
885 result_fsp, /* result */
888 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
889 "0x%x|%s|%s|%s", access_mask,
890 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
891 str_create_disposition, smb_fname_str_do_log(smb_fname));
896 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
900 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
902 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
903 fsp_str_do_log(fsp));
908 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
909 void *data, size_t n)
913 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
915 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
916 fsp_str_do_log(fsp));
921 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
922 void *data, size_t n, off_t offset)
926 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
928 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
929 fsp_str_do_log(fsp));
934 struct smb_full_audit_pread_state {
935 vfs_handle_struct *handle;
941 static void smb_full_audit_pread_done(struct tevent_req *subreq);
943 static struct tevent_req *smb_full_audit_pread_send(
944 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
945 struct tevent_context *ev, struct files_struct *fsp,
946 void *data, size_t n, off_t offset)
948 struct tevent_req *req, *subreq;
949 struct smb_full_audit_pread_state *state;
951 req = tevent_req_create(mem_ctx, &state,
952 struct smb_full_audit_pread_state);
954 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
955 fsp_str_do_log(fsp));
958 state->handle = handle;
961 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
963 if (tevent_req_nomem(subreq, req)) {
964 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
965 fsp_str_do_log(fsp));
966 return tevent_req_post(req, ev);
968 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
970 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
974 static void smb_full_audit_pread_done(struct tevent_req *subreq)
976 struct tevent_req *req = tevent_req_callback_data(
977 subreq, struct tevent_req);
978 struct smb_full_audit_pread_state *state = tevent_req_data(
979 req, struct smb_full_audit_pread_state);
981 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->err);
983 tevent_req_done(req);
986 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req, int *err)
988 struct smb_full_audit_pread_state *state = tevent_req_data(
989 req, struct smb_full_audit_pread_state);
991 if (tevent_req_is_unix_error(req, err)) {
992 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
993 fsp_str_do_log(state->fsp));
997 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
998 fsp_str_do_log(state->fsp));
1004 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1005 const void *data, size_t n)
1009 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1011 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
1012 fsp_str_do_log(fsp));
1017 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1018 const void *data, size_t n,
1023 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1025 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1026 fsp_str_do_log(fsp));
1031 struct smb_full_audit_pwrite_state {
1032 vfs_handle_struct *handle;
1038 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1040 static struct tevent_req *smb_full_audit_pwrite_send(
1041 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1042 struct tevent_context *ev, struct files_struct *fsp,
1043 const void *data, size_t n, off_t offset)
1045 struct tevent_req *req, *subreq;
1046 struct smb_full_audit_pwrite_state *state;
1048 req = tevent_req_create(mem_ctx, &state,
1049 struct smb_full_audit_pwrite_state);
1051 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1052 fsp_str_do_log(fsp));
1055 state->handle = handle;
1058 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1060 if (tevent_req_nomem(subreq, req)) {
1061 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1062 fsp_str_do_log(fsp));
1063 return tevent_req_post(req, ev);
1065 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1067 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1068 fsp_str_do_log(fsp));
1072 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1074 struct tevent_req *req = tevent_req_callback_data(
1075 subreq, struct tevent_req);
1076 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1077 req, struct smb_full_audit_pwrite_state);
1079 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->err);
1080 TALLOC_FREE(subreq);
1081 tevent_req_done(req);
1084 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req, int *err)
1086 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1087 req, struct smb_full_audit_pwrite_state);
1089 if (tevent_req_is_unix_error(req, err)) {
1090 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1091 fsp_str_do_log(state->fsp));
1095 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1096 fsp_str_do_log(state->fsp));
1102 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1103 off_t offset, int whence)
1107 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1109 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1110 "%s", fsp_str_do_log(fsp));
1115 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1116 files_struct *fromfsp,
1117 const DATA_BLOB *hdr, off_t offset,
1122 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1124 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1125 "%s", fsp_str_do_log(fromfsp));
1130 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1131 files_struct *tofsp,
1137 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1139 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1140 "%s", fsp_str_do_log(tofsp));
1145 static int smb_full_audit_rename(vfs_handle_struct *handle,
1146 const struct smb_filename *smb_fname_src,
1147 const struct smb_filename *smb_fname_dst)
1151 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1153 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1154 smb_fname_str_do_log(smb_fname_src),
1155 smb_fname_str_do_log(smb_fname_dst));
1160 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1164 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1166 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1167 fsp_str_do_log(fsp));
1172 struct smb_full_audit_fsync_state {
1173 vfs_handle_struct *handle;
1179 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1181 static struct tevent_req *smb_full_audit_fsync_send(
1182 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1183 struct tevent_context *ev, struct files_struct *fsp)
1185 struct tevent_req *req, *subreq;
1186 struct smb_full_audit_fsync_state *state;
1188 req = tevent_req_create(mem_ctx, &state,
1189 struct smb_full_audit_fsync_state);
1191 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1192 fsp_str_do_log(fsp));
1195 state->handle = handle;
1198 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1199 if (tevent_req_nomem(subreq, req)) {
1200 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1201 fsp_str_do_log(fsp));
1202 return tevent_req_post(req, ev);
1204 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1206 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1210 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1212 struct tevent_req *req = tevent_req_callback_data(
1213 subreq, struct tevent_req);
1214 struct smb_full_audit_fsync_state *state = tevent_req_data(
1215 req, struct smb_full_audit_fsync_state);
1217 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->err);
1218 TALLOC_FREE(subreq);
1219 tevent_req_done(req);
1222 static int smb_full_audit_fsync_recv(struct tevent_req *req, int *err)
1224 struct smb_full_audit_fsync_state *state = tevent_req_data(
1225 req, struct smb_full_audit_fsync_state);
1227 if (tevent_req_is_unix_error(req, err)) {
1228 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1229 fsp_str_do_log(state->fsp));
1233 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1234 fsp_str_do_log(state->fsp));
1240 static int smb_full_audit_stat(vfs_handle_struct *handle,
1241 struct smb_filename *smb_fname)
1245 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1247 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1248 smb_fname_str_do_log(smb_fname));
1253 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1254 SMB_STRUCT_STAT *sbuf)
1258 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1260 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1261 fsp_str_do_log(fsp));
1266 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1267 struct smb_filename *smb_fname)
1271 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1273 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1274 smb_fname_str_do_log(smb_fname));
1279 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1280 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1284 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1286 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1292 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1293 const struct smb_filename *smb_fname)
1297 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1299 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1300 smb_fname_str_do_log(smb_fname));
1305 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1306 const char *path, mode_t mode)
1310 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1312 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1317 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1322 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1324 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1325 "%s|%o", fsp_str_do_log(fsp), mode);
1330 static int smb_full_audit_chown(vfs_handle_struct *handle,
1331 const char *path, uid_t uid, gid_t gid)
1335 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1337 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1338 path, (long int)uid, (long int)gid);
1343 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1344 uid_t uid, gid_t gid)
1348 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1350 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1351 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1356 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1357 const char *path, uid_t uid, gid_t gid)
1361 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1363 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1364 path, (long int)uid, (long int)gid);
1369 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1374 result = SMB_VFS_NEXT_CHDIR(handle, path);
1376 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1381 static char *smb_full_audit_getwd(vfs_handle_struct *handle)
1385 result = SMB_VFS_NEXT_GETWD(handle);
1387 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1388 result == NULL? "" : result);
1393 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1394 const struct smb_filename *smb_fname,
1395 struct smb_file_time *ft)
1399 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1401 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1402 smb_fname_str_do_log(smb_fname));
1407 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1412 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1414 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1415 "%s", fsp_str_do_log(fsp));
1420 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1421 enum vfs_fallocate_mode mode,
1427 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1429 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1430 "%s", fsp_str_do_log(fsp));
1435 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1436 int op, off_t offset, off_t count, int type)
1440 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1442 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1447 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1448 struct files_struct *fsp,
1449 uint32 share_mode, uint32 access_mask)
1453 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1455 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1456 fsp_str_do_log(fsp));
1461 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1466 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1468 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1469 fsp_str_do_log(fsp));
1474 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1475 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1479 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1481 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1486 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1487 const char *oldpath, const char *newpath)
1491 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1493 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1494 "%s|%s", oldpath, newpath);
1499 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1500 const char *path, char *buf, size_t bufsiz)
1504 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1506 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1511 static int smb_full_audit_link(vfs_handle_struct *handle,
1512 const char *oldpath, const char *newpath)
1516 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1518 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1519 "%s|%s", oldpath, newpath);
1524 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1525 const char *pathname, mode_t mode, SMB_DEV_T dev)
1529 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1531 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1536 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1541 result = SMB_VFS_NEXT_REALPATH(handle, path);
1543 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1548 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1549 struct sys_notify_context *ctx,
1552 uint32_t *subdir_filter,
1553 void (*callback)(struct sys_notify_context *ctx,
1555 struct notify_event *ev),
1556 void *private_data, void *handle_p)
1560 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, path,
1561 filter, subdir_filter, callback,
1562 private_data, handle_p);
1564 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1569 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1570 const char *path, unsigned int flags)
1574 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1576 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1581 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1582 const SMB_STRUCT_STAT *sbuf)
1584 struct file_id id_zero;
1585 struct file_id result;
1587 ZERO_STRUCT(id_zero);
1589 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1591 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1592 !file_id_equal(&id_zero, &result),
1593 handle, "%s", file_id_string_tos(&result));
1598 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1599 struct files_struct *fsp,
1601 TALLOC_CTX *mem_ctx,
1602 unsigned int *pnum_streams,
1603 struct stream_struct **pstreams)
1607 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1608 pnum_streams, pstreams);
1610 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1616 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1619 TALLOC_CTX *mem_ctx,
1624 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1627 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1628 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1633 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1638 result = SMB_VFS_NEXT_CONNECTPATH(handle, fname);
1640 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1646 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1647 struct byte_range_lock *br_lck,
1648 struct lock_struct *plock,
1650 struct blocking_lock_record *blr)
1654 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1655 blocking_lock, blr);
1657 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1658 "%s:%llu-%llu. type=%d. blocking=%d",
1659 fsp_str_do_log(brl_fsp(br_lck)),
1660 plock->start, plock->size, plock->lock_type, blocking_lock);
1665 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1666 struct messaging_context *msg_ctx,
1667 struct byte_range_lock *br_lck,
1668 const struct lock_struct *plock)
1672 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1675 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1676 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1678 plock->size, plock->lock_type);
1683 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1684 struct byte_range_lock *br_lck,
1685 struct lock_struct *plock,
1686 struct blocking_lock_record *blr)
1690 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock, blr);
1692 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1693 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1695 plock->size, plock->lock_type);
1700 static bool smb_full_audit_strict_lock(struct vfs_handle_struct *handle,
1701 struct files_struct *fsp,
1702 struct lock_struct *plock)
1706 result = SMB_VFS_NEXT_STRICT_LOCK(handle, fsp, plock);
1708 do_log(SMB_VFS_OP_STRICT_LOCK, result, handle,
1709 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1710 plock->size, plock->lock_type);
1715 static void smb_full_audit_strict_unlock(struct vfs_handle_struct *handle,
1716 struct files_struct *fsp,
1717 struct lock_struct *plock)
1719 SMB_VFS_NEXT_STRICT_UNLOCK(handle, fsp, plock);
1721 do_log(SMB_VFS_OP_STRICT_UNLOCK, true, handle,
1722 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1723 plock->size, plock->lock_type);
1726 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
1728 enum vfs_translate_direction direction,
1729 TALLOC_CTX *mem_ctx,
1734 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
1737 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
1742 static struct tevent_req *smb_full_audit_copy_chunk_send(struct vfs_handle_struct *handle,
1743 TALLOC_CTX *mem_ctx,
1744 struct tevent_context *ev,
1745 struct files_struct *src_fsp,
1747 struct files_struct *dest_fsp,
1751 struct tevent_req *req;
1753 req = SMB_VFS_NEXT_COPY_CHUNK_SEND(handle, mem_ctx, ev, src_fsp,
1754 src_off, dest_fsp, dest_off, num);
1756 do_log(SMB_VFS_OP_COPY_CHUNK_SEND, req, handle, "");
1761 static NTSTATUS smb_full_audit_copy_chunk_recv(struct vfs_handle_struct *handle,
1762 struct tevent_req *req,
1767 result = SMB_VFS_NEXT_COPY_CHUNK_RECV(handle, req, copied);
1769 do_log(SMB_VFS_OP_COPY_CHUNK_RECV, NT_STATUS_IS_OK(result), handle, "");
1774 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1775 uint32 security_info,
1776 TALLOC_CTX *mem_ctx,
1777 struct security_descriptor **ppdesc)
1781 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
1784 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1785 "%s", fsp_str_do_log(fsp));
1790 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1792 uint32 security_info,
1793 TALLOC_CTX *mem_ctx,
1794 struct security_descriptor **ppdesc)
1798 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
1801 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1807 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1808 uint32 security_info_sent,
1809 const struct security_descriptor *psd)
1813 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1815 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s",
1816 fsp_str_do_log(fsp));
1821 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1822 const char *path, mode_t mode)
1826 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1828 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1829 "%s|%o", path, mode);
1834 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1839 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1841 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1842 "%s|%o", fsp_str_do_log(fsp), mode);
1847 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1849 SMB_ACL_TYPE_T type,
1850 TALLOC_CTX *mem_ctx)
1854 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type, mem_ctx);
1856 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1862 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1863 files_struct *fsp, TALLOC_CTX *mem_ctx)
1867 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
1869 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1870 "%s", fsp_str_do_log(fsp));
1875 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
1877 TALLOC_CTX *mem_ctx,
1878 char **blob_description,
1883 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, mem_ctx, blob_description, blob);
1885 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
1891 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1893 TALLOC_CTX *mem_ctx,
1894 char **blob_description,
1899 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
1901 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
1902 "%s", fsp_str_do_log(fsp));
1907 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1909 const char *name, SMB_ACL_TYPE_T acltype,
1914 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1917 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1923 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1928 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1930 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1931 "%s", fsp_str_do_log(fsp));
1936 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1942 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1944 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1950 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1952 const char *name, void *value, size_t size)
1956 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1958 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1959 "%s|%s", path, name);
1964 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1965 struct files_struct *fsp,
1966 const char *name, void *value, size_t size)
1970 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
1972 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1973 "%s|%s", fsp_str_do_log(fsp), name);
1978 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1979 const char *path, char *list, size_t size)
1983 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1985 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1990 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1991 struct files_struct *fsp, char *list,
1996 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
1998 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1999 "%s", fsp_str_do_log(fsp));
2004 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2010 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2012 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2013 "%s|%s", path, name);
2018 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2019 struct files_struct *fsp,
2024 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2026 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2027 "%s|%s", fsp_str_do_log(fsp), name);
2032 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2034 const char *name, const void *value, size_t size,
2039 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2042 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2043 "%s|%s", path, name);
2048 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2049 struct files_struct *fsp, const char *name,
2050 const void *value, size_t size, int flags)
2054 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2056 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2057 "%s|%s", fsp_str_do_log(fsp), name);
2062 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2063 struct files_struct *fsp)
2067 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2068 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2069 "%s", fsp_str_do_log(fsp));
2074 static bool smb_full_audit_is_offline(struct vfs_handle_struct *handle,
2075 const struct smb_filename *fname,
2076 SMB_STRUCT_STAT *sbuf)
2080 result = SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
2081 do_log(SMB_VFS_OP_IS_OFFLINE, result, handle, "%s",
2082 smb_fname_str_do_log(fname));
2086 static int smb_full_audit_set_offline(struct vfs_handle_struct *handle,
2087 const struct smb_filename *fname)
2091 result = SMB_VFS_NEXT_SET_OFFLINE(handle, fname);
2092 do_log(SMB_VFS_OP_SET_OFFLINE, result >= 0, handle, "%s",
2093 smb_fname_str_do_log(fname));
2097 static struct vfs_fn_pointers vfs_full_audit_fns = {
2099 /* Disk operations */
2101 .connect_fn = smb_full_audit_connect,
2102 .disconnect_fn = smb_full_audit_disconnect,
2103 .disk_free_fn = smb_full_audit_disk_free,
2104 .get_quota_fn = smb_full_audit_get_quota,
2105 .set_quota_fn = smb_full_audit_set_quota,
2106 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2107 .statvfs_fn = smb_full_audit_statvfs,
2108 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2109 .opendir_fn = smb_full_audit_opendir,
2110 .fdopendir_fn = smb_full_audit_fdopendir,
2111 .readdir_fn = smb_full_audit_readdir,
2112 .seekdir_fn = smb_full_audit_seekdir,
2113 .telldir_fn = smb_full_audit_telldir,
2114 .rewind_dir_fn = smb_full_audit_rewinddir,
2115 .mkdir_fn = smb_full_audit_mkdir,
2116 .rmdir_fn = smb_full_audit_rmdir,
2117 .closedir_fn = smb_full_audit_closedir,
2118 .init_search_op_fn = smb_full_audit_init_search_op,
2119 .open_fn = smb_full_audit_open,
2120 .create_file_fn = smb_full_audit_create_file,
2121 .close_fn = smb_full_audit_close,
2122 .read_fn = smb_full_audit_read,
2123 .pread_fn = smb_full_audit_pread,
2124 .pread_send_fn = smb_full_audit_pread_send,
2125 .pread_recv_fn = smb_full_audit_pread_recv,
2126 .write_fn = smb_full_audit_write,
2127 .pwrite_fn = smb_full_audit_pwrite,
2128 .pwrite_send_fn = smb_full_audit_pwrite_send,
2129 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2130 .lseek_fn = smb_full_audit_lseek,
2131 .sendfile_fn = smb_full_audit_sendfile,
2132 .recvfile_fn = smb_full_audit_recvfile,
2133 .rename_fn = smb_full_audit_rename,
2134 .fsync_fn = smb_full_audit_fsync,
2135 .fsync_send_fn = smb_full_audit_fsync_send,
2136 .fsync_recv_fn = smb_full_audit_fsync_recv,
2137 .stat_fn = smb_full_audit_stat,
2138 .fstat_fn = smb_full_audit_fstat,
2139 .lstat_fn = smb_full_audit_lstat,
2140 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2141 .unlink_fn = smb_full_audit_unlink,
2142 .chmod_fn = smb_full_audit_chmod,
2143 .fchmod_fn = smb_full_audit_fchmod,
2144 .chown_fn = smb_full_audit_chown,
2145 .fchown_fn = smb_full_audit_fchown,
2146 .lchown_fn = smb_full_audit_lchown,
2147 .chdir_fn = smb_full_audit_chdir,
2148 .getwd_fn = smb_full_audit_getwd,
2149 .ntimes_fn = smb_full_audit_ntimes,
2150 .ftruncate_fn = smb_full_audit_ftruncate,
2151 .fallocate_fn = smb_full_audit_fallocate,
2152 .lock_fn = smb_full_audit_lock,
2153 .kernel_flock_fn = smb_full_audit_kernel_flock,
2154 .linux_setlease_fn = smb_full_audit_linux_setlease,
2155 .getlock_fn = smb_full_audit_getlock,
2156 .symlink_fn = smb_full_audit_symlink,
2157 .readlink_fn = smb_full_audit_readlink,
2158 .link_fn = smb_full_audit_link,
2159 .mknod_fn = smb_full_audit_mknod,
2160 .realpath_fn = smb_full_audit_realpath,
2161 .notify_watch_fn = smb_full_audit_notify_watch,
2162 .chflags_fn = smb_full_audit_chflags,
2163 .file_id_create_fn = smb_full_audit_file_id_create,
2164 .streaminfo_fn = smb_full_audit_streaminfo,
2165 .get_real_filename_fn = smb_full_audit_get_real_filename,
2166 .connectpath_fn = smb_full_audit_connectpath,
2167 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2168 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2169 .brl_cancel_windows_fn = smb_full_audit_brl_cancel_windows,
2170 .strict_lock_fn = smb_full_audit_strict_lock,
2171 .strict_unlock_fn = smb_full_audit_strict_unlock,
2172 .translate_name_fn = smb_full_audit_translate_name,
2173 .copy_chunk_send_fn = smb_full_audit_copy_chunk_send,
2174 .copy_chunk_recv_fn = smb_full_audit_copy_chunk_recv,
2175 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2176 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
2177 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2178 .chmod_acl_fn = smb_full_audit_chmod_acl,
2179 .fchmod_acl_fn = smb_full_audit_fchmod_acl,
2180 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
2181 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2182 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
2183 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
2184 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
2185 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2186 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
2187 .getxattr_fn = smb_full_audit_getxattr,
2188 .fgetxattr_fn = smb_full_audit_fgetxattr,
2189 .listxattr_fn = smb_full_audit_listxattr,
2190 .flistxattr_fn = smb_full_audit_flistxattr,
2191 .removexattr_fn = smb_full_audit_removexattr,
2192 .fremovexattr_fn = smb_full_audit_fremovexattr,
2193 .setxattr_fn = smb_full_audit_setxattr,
2194 .fsetxattr_fn = smb_full_audit_fsetxattr,
2195 .aio_force_fn = smb_full_audit_aio_force,
2196 .is_offline_fn = smb_full_audit_is_offline,
2197 .set_offline_fn = smb_full_audit_set_offline,
2200 NTSTATUS vfs_full_audit_init(void)
2202 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2203 "full_audit", &vfs_full_audit_fns);
2205 if (!NT_STATUS_IS_OK(ret))
2208 vfs_full_audit_debug_level = debug_add_class("full_audit");
2209 if (vfs_full_audit_debug_level == -1) {
2210 vfs_full_audit_debug_level = DBGC_VFS;
2211 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2214 DEBUG(10, ("vfs_full_audit: Debug class number of "
2215 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / bbaumbach / samba-autobuild / .git / blob