#undef DBGC_CLASS
#define DBGC_CLASS vfs_full_audit_debug_level
+typedef enum _vfs_op_type {
+ SMB_VFS_OP_NOOP = -1,
+
+ /* Disk operations */
+
+ SMB_VFS_OP_CONNECT = 0,
+ SMB_VFS_OP_DISCONNECT,
+ SMB_VFS_OP_DISK_FREE,
+ SMB_VFS_OP_GET_QUOTA,
+ SMB_VFS_OP_SET_QUOTA,
+ SMB_VFS_OP_GET_SHADOW_COPY_DATA,
+ SMB_VFS_OP_STATVFS,
+ SMB_VFS_OP_FS_CAPABILITIES,
+
+ /* Directory operations */
+
+ SMB_VFS_OP_OPENDIR,
+ SMB_VFS_OP_READDIR,
+ SMB_VFS_OP_SEEKDIR,
+ SMB_VFS_OP_TELLDIR,
+ SMB_VFS_OP_REWINDDIR,
+ SMB_VFS_OP_MKDIR,
+ SMB_VFS_OP_RMDIR,
+ SMB_VFS_OP_CLOSEDIR,
+ SMB_VFS_OP_INIT_SEARCH_OP,
+
+ /* File operations */
+
+ SMB_VFS_OP_OPEN,
+ SMB_VFS_OP_CREATE_FILE,
+ SMB_VFS_OP_CLOSE,
+ SMB_VFS_OP_READ,
+ SMB_VFS_OP_PREAD,
+ SMB_VFS_OP_WRITE,
+ SMB_VFS_OP_PWRITE,
+ SMB_VFS_OP_LSEEK,
+ SMB_VFS_OP_SENDFILE,
+ SMB_VFS_OP_RECVFILE,
+ SMB_VFS_OP_RENAME,
+ SMB_VFS_OP_FSYNC,
+ SMB_VFS_OP_STAT,
+ SMB_VFS_OP_FSTAT,
+ SMB_VFS_OP_LSTAT,
+ SMB_VFS_OP_GET_ALLOC_SIZE,
+ SMB_VFS_OP_UNLINK,
+ SMB_VFS_OP_CHMOD,
+ SMB_VFS_OP_FCHMOD,
+ SMB_VFS_OP_CHOWN,
+ SMB_VFS_OP_FCHOWN,
+ SMB_VFS_OP_LCHOWN,
+ SMB_VFS_OP_CHDIR,
+ SMB_VFS_OP_GETWD,
+ SMB_VFS_OP_NTIMES,
+ SMB_VFS_OP_FTRUNCATE,
+ SMB_VFS_OP_LOCK,
+ SMB_VFS_OP_KERNEL_FLOCK,
+ SMB_VFS_OP_LINUX_SETLEASE,
+ SMB_VFS_OP_GETLOCK,
+ SMB_VFS_OP_SYMLINK,
+ SMB_VFS_OP_READLINK,
+ SMB_VFS_OP_LINK,
+ SMB_VFS_OP_MKNOD,
+ SMB_VFS_OP_REALPATH,
+ SMB_VFS_OP_NOTIFY_WATCH,
+ SMB_VFS_OP_CHFLAGS,
+ SMB_VFS_OP_FILE_ID_CREATE,
+ SMB_VFS_OP_STREAMINFO,
+ SMB_VFS_OP_GET_REAL_FILENAME,
+ SMB_VFS_OP_CONNECTPATH,
+ SMB_VFS_OP_BRL_LOCK_WINDOWS,
+ SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
+ SMB_VFS_OP_BRL_CANCEL_WINDOWS,
+ SMB_VFS_OP_STRICT_LOCK,
+ SMB_VFS_OP_STRICT_UNLOCK,
+ SMB_VFS_OP_TRANSLATE_NAME,
+
+ /* NT ACL operations. */
+
+ SMB_VFS_OP_FGET_NT_ACL,
+ SMB_VFS_OP_GET_NT_ACL,
+ SMB_VFS_OP_FSET_NT_ACL,
+
+ /* POSIX ACL operations. */
+
+ SMB_VFS_OP_CHMOD_ACL,
+ SMB_VFS_OP_FCHMOD_ACL,
+
+ SMB_VFS_OP_SYS_ACL_GET_ENTRY,
+ SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
+ SMB_VFS_OP_SYS_ACL_GET_PERMSET,
+ SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
+ SMB_VFS_OP_SYS_ACL_GET_FILE,
+ SMB_VFS_OP_SYS_ACL_GET_FD,
+ SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
+ SMB_VFS_OP_SYS_ACL_ADD_PERM,
+ SMB_VFS_OP_SYS_ACL_TO_TEXT,
+ SMB_VFS_OP_SYS_ACL_INIT,
+ SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
+ SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
+ SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
+ SMB_VFS_OP_SYS_ACL_SET_PERMSET,
+ SMB_VFS_OP_SYS_ACL_VALID,
+ SMB_VFS_OP_SYS_ACL_SET_FILE,
+ SMB_VFS_OP_SYS_ACL_SET_FD,
+ SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
+ SMB_VFS_OP_SYS_ACL_GET_PERM,
+ SMB_VFS_OP_SYS_ACL_FREE_TEXT,
+ SMB_VFS_OP_SYS_ACL_FREE_ACL,
+ SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
+
+ /* EA operations. */
+ SMB_VFS_OP_GETXATTR,
+ SMB_VFS_OP_LGETXATTR,
+ SMB_VFS_OP_FGETXATTR,
+ SMB_VFS_OP_LISTXATTR,
+ SMB_VFS_OP_LLISTXATTR,
+ SMB_VFS_OP_FLISTXATTR,
+ SMB_VFS_OP_REMOVEXATTR,
+ SMB_VFS_OP_LREMOVEXATTR,
+ SMB_VFS_OP_FREMOVEXATTR,
+ SMB_VFS_OP_SETXATTR,
+ SMB_VFS_OP_LSETXATTR,
+ SMB_VFS_OP_FSETXATTR,
+
+ /* aio operations */
+ SMB_VFS_OP_AIO_READ,
+ SMB_VFS_OP_AIO_WRITE,
+ SMB_VFS_OP_AIO_RETURN,
+ SMB_VFS_OP_AIO_CANCEL,
+ SMB_VFS_OP_AIO_ERROR,
+ SMB_VFS_OP_AIO_FSYNC,
+ SMB_VFS_OP_AIO_SUSPEND,
+ SMB_VFS_OP_AIO_FORCE,
+
+ /* offline operations */
+ SMB_VFS_OP_IS_OFFLINE,
+ SMB_VFS_OP_SET_OFFLINE,
+
+ /* This should always be last enum value */
+
+ SMB_VFS_OP_LAST
+} vfs_op_type;
+
/* The following array *must* be in the same order as defined in vfs.h */
static struct {
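Review bot: The context comment directly below the new enum still says the name table must follow the order "as defined in vfs.h", but this change defines `vfs_op_type` in this file, so that reference is stale. It should read `/* The following array *must* be in the same order as the vfs_op_type enum above */`. Because the table is kept in step with the enum only by convention, a missed or misplaced entry would presumably mislabel audit records rather than break the build. A compile-time check that the table has `SMB_VFS_OP_LAST` entries would catch that, though the table's declaration is cut off after `static struct {` in this view.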
{ SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
{ SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
{ SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
+ { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
{ SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
{ SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
{ SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
char *audit_pre = NULL;
va_list ap;
char *op_msg = NULL;
+ int priority;
if (success && (!log_success(handle, op)))
goto out;
goto out;
}
+ /*
+ * Specify the facility to interoperate with other syslog callers
+ * (smbd for example).
+ */
+ priority = audit_syslog_priority(handle) |
+ audit_syslog_facility(handle);
+
audit_pre = audit_prefix(talloc_tos(), handle->conn);
- syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
+ syslog(priority, "%s|%s|%s|%s\n",
audit_pre ? audit_pre : "",
audit_opname(op), err_msg, op_msg);
}
ZERO_STRUCTP(pd);
+#ifndef WITH_SYSLOG
openlog("smbd_audit", 0, audit_syslog_facility(handle));
+#endif
init_bitmap(&pd->success_ops,
lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
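Review bot: With `WITH_SYSLOG` defined, the `openlog("smbd_audit", ...)` call is now compiled out, so audit records presumably go out under whatever ident the host process opened syslog with rather than `smbd_audit` (that earlier openlog is not visible here). Log collection or alerting that selects on the program name would then stop matching in those builds without any error, even though the facility is still carried per message by the new `priority` value. The `#ifndef` should carry a comment saying so, e.g. `/* smbd has already called openlog() when WITH_SYSLOG is set; records then carry its ident, not "smbd_audit" */`, and the module documentation should mention the ident difference.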
return result;
}
-static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle)
+static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
{
int result;
- result = SMB_VFS_NEXT_FS_CAPABILITIES(handle);
+ result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
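Review bot: `result` is declared `int` in `smb_full_audit_fs_capabilities` although the function returns `uint32_t` and the value is a capability mask, so a mask with the top bit set goes through a signed conversion on the way out. Since the signature is being touched anyway, the declaration should become `uint32_t result;`. The rest of the function body, including the return, lies outside this hunk.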
int *pinfo)
{
NTSTATUS result;
+ const char* str_create_disposition;
+
+ switch (create_disposition) {
+ case FILE_SUPERSEDE:
+ str_create_disposition = "supersede";
+ break;
+ case FILE_OVERWRITE_IF:
+ str_create_disposition = "overwrite_if";
+ break;
+ case FILE_OPEN:
+ str_create_disposition = "open";
+ break;
+ case FILE_OVERWRITE:
+ str_create_disposition = "overwrite";
+ break;
+ case FILE_CREATE:
+ str_create_disposition = "create";
+ break;
+ case FILE_OPEN_IF:
+ str_create_disposition = "open_if";
+ break;
+ default:
+ str_create_disposition = "unknown";
+ }
result = SMB_VFS_NEXT_CREATE_FILE(
handle, /* handle */
result_fsp, /* result */
pinfo); /* pinfo */
- do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s",
- access_mask, smb_fname_str_do_log(smb_fname));
+ do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
+ "0x%x|%s|%s|%s", access_mask,
+ create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
+ str_create_disposition, smb_fname_str_do_log(smb_fname));
return result;
}
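Review bot: The new `do_log` format `"0x%x|%s|%s|%s"` puts two fields between the access mask and the path, so anything that parses create_file records by `|` position will now read `dir`/`file` where the path used to be. This is a format change that should be called out for log consumers. The path is the only free-form string in the record, and keeping it last is the right choice because a `|` inside it then cannot shift the fixed fields. A comment above the call would record that intent, e.g. `/* fields: access_mask|dir-or-file|disposition|path; path stays last */`. As a smaller style point, `(create_options & FILE_DIRECTORY_FILE) ? "dir" : "file"` reads more clearly with the parentheses, and the `default:` arm of the switch could end with `break;` like the others. The function's signature starts outside this hunk.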
return;
}
+static NTSTATUS smb_full_audit_translate_name(vfs_handle_struct *handle,
+ char **mapped_name)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, mapped_name);
+
+ do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
+
+ return result;
+}
+
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc)
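Review bot: The `do_log` call in `smb_full_audit_translate_name` passes an empty detail string, so the audit record shows only that a translation ran and whether it succeeded, not which name was involved. The create_file wrapper in this same change logs the object it acted on, so this record is much less useful for reconstructing activity. If `*mapped_name` holds the name on entry (not visible from this hunk), it could be logged with a `"%s"` format, allowing for it being NULL or replaced by the call. Otherwise a short comment stating why nothing is logged would help.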
.brl_cancel_windows = smb_full_audit_brl_cancel_windows,
.strict_lock = smb_full_audit_strict_lock,
.strict_unlock = smb_full_audit_strict_unlock,
+ .translate_name = smb_full_audit_translate_name,
.fget_nt_acl = smb_full_audit_fget_nt_acl,
.get_nt_acl = smb_full_audit_get_nt_acl,
.fset_nt_acl = smb_full_audit_fset_nt_acl,