18ee5ba50f99c734db02d9f7f2402acac99b9af2
[samba.git] / source3 / modules / vfs_full_audit.c
1 /* 
2  * Auditing VFS module for samba.  Log selected file operations to syslog
3  * facility.
4  *
5  * Copyright (C) Tim Potter, 1999-2000
6  * Copyright (C) Alexander Bokovoy, 2002
7  * Copyright (C) John H Terpstra, 2003
8  * Copyright (C) Stefan (metze) Metzmacher, 2003
9  * Copyright (C) Volker Lendecke, 2004
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 3 of the License, or
14  * (at your option) any later version.
15  *  
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  *  
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24
25 /*
26  * This module implements parseable logging for all Samba VFS operations.
27  *
28  * You use it as follows:
29  *
30  * [tmp]
31  * path = /tmp
32  * vfs objects = full_audit
33  * full_audit:prefix = %u|%I
34  * full_audit:success = open opendir
35  * full_audit:failure = all
36  *
37  * vfs op can be "all" which means log all operations.
38  * vfs op can be "none" which means no logging.
39  *
40  * This leads to syslog entries of the form:
41  * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42  * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
43  *
44  * where "nobody" is the connected username and "192.168.234.1" is the
45  * client's IP address. 
46  *
47  * Options:
48  *
49  * prefix: A macro expansion template prepended to the syslog entry.
50  *
51  * success: A list of VFS operations for which a successful completion should
52  * be logged. Defaults to no logging at all. The special operation "all" logs
53  * - you guessed it - everything.
54  *
55  * failure: A list of VFS operations for which failure to complete should be
56  * logged. Defaults to logging everything.
57  */
58
59
60 #include "includes.h"
61
62 extern userdom_struct current_user_info;
63
64 static int vfs_full_audit_debug_level = DBGC_VFS;
65
66 struct vfs_full_audit_private_data {
67         struct bitmap *success_ops;
68         struct bitmap *failure_ops;
69 };
70
71 #undef DBGC_CLASS
72 #define DBGC_CLASS vfs_full_audit_debug_level
73
74 /* Function prototypes */
75
76 static int smb_full_audit_connect(vfs_handle_struct *handle,
77                          const char *svc, const char *user);
78 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
79 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
80                                     const char *path,
81                                     bool small_query, SMB_BIG_UINT *bsize, 
82                                     SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
83 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
84                            enum SMB_QUOTA_TYPE qtype, unid_t id,
85                            SMB_DISK_QUOTA *qt);
86 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
87                            enum SMB_QUOTA_TYPE qtype, unid_t id,
88                            SMB_DISK_QUOTA *qt);
89 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
90                                 struct files_struct *fsp,
91                                 SHADOW_COPY_DATA *shadow_copy_data, bool labels);
92 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
93                                 const char *path,
94                                 struct vfs_statvfs_struct *statbuf);
95
96 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
97                           const char *fname, const char *mask, uint32 attr);
98 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
99                                     SMB_STRUCT_DIR *dirp);
100 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
101                         SMB_STRUCT_DIR *dirp, long offset);
102 static long smb_full_audit_telldir(vfs_handle_struct *handle,
103                         SMB_STRUCT_DIR *dirp);
104 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
105                         SMB_STRUCT_DIR *dirp);
106 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
107                        const char *path, mode_t mode);
108 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
109                        const char *path);
110 static int smb_full_audit_closedir(vfs_handle_struct *handle,
111                           SMB_STRUCT_DIR *dirp);
112 static int smb_full_audit_open(vfs_handle_struct *handle,
113                       const char *fname, files_struct *fsp, int flags, mode_t mode);
114 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
115 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
116                           void *data, size_t n);
117 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
118                            void *data, size_t n, SMB_OFF_T offset);
119 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
120                            int fd, const void *data, size_t n);
121 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
122                             const void *data, size_t n,
123                             SMB_OFF_T offset);
124 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
125                              SMB_OFF_T offset, int whence);
126 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
127                               files_struct *fsp, int fromfd,
128                               const DATA_BLOB *hdr, SMB_OFF_T offset,
129                               size_t n);
130 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
131                               files_struct *fsp, int tofd,
132                               SMB_OFF_T offset,
133                               size_t n);
134 static int smb_full_audit_rename(vfs_handle_struct *handle,
135                         const char *oldname, const char *newname);
136 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp);
137 static int smb_full_audit_stat(vfs_handle_struct *handle,
138                       const char *fname, SMB_STRUCT_STAT *sbuf);
139 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
140                        SMB_STRUCT_STAT *sbuf);
141 static int smb_full_audit_lstat(vfs_handle_struct *handle,
142                        const char *path, SMB_STRUCT_STAT *sbuf);
143 static int smb_full_audit_unlink(vfs_handle_struct *handle,
144                         const char *path);
145 static int smb_full_audit_chmod(vfs_handle_struct *handle,
146                        const char *path, mode_t mode);
147 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
148                         mode_t mode);
149 static int smb_full_audit_chown(vfs_handle_struct *handle,
150                        const char *path, uid_t uid, gid_t gid);
151 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
152                         uid_t uid, gid_t gid);
153 static int smb_full_audit_lchown(vfs_handle_struct *handle,
154                        const char *path, uid_t uid, gid_t gid);
155 static int smb_full_audit_chdir(vfs_handle_struct *handle,
156                        const char *path);
157 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
158                          char *path);
159 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
160                        const char *path, const struct timespec ts[2]);
161 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
162                            SMB_OFF_T len);
163 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
164                        int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
165 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
166                                        struct files_struct *fsp,
167                                        uint32 share_mode);
168 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
169                                         int leasetype);
170 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
171                        SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
172 static int smb_full_audit_symlink(vfs_handle_struct *handle,
173                          const char *oldpath, const char *newpath);
174 static int smb_full_audit_readlink(vfs_handle_struct *handle,
175                           const char *path, char *buf, size_t bufsiz);
176 static int smb_full_audit_link(vfs_handle_struct *handle,
177                       const char *oldpath, const char *newpath);
178 static int smb_full_audit_mknod(vfs_handle_struct *handle,
179                        const char *pathname, mode_t mode, SMB_DEV_T dev);
180 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
181                             const char *path, char *resolved_path);
182 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
183                         struct sys_notify_context *ctx,
184                         struct notify_entry *e,
185                         void (*callback)(struct sys_notify_context *ctx,
186                                         void *private_data,
187                                         struct notify_event *ev),
188                         void *private_data, void *handle_p);
189 static int smb_full_audit_chflags(vfs_handle_struct *handle,
190                             const char *path, unsigned int flags);
191 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
192                                                     SMB_DEV_T dev, SMB_INO_T inode);
193 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
194                                 uint32 security_info,
195                                 SEC_DESC **ppdesc);
196 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
197                                const char *name, uint32 security_info,
198                                SEC_DESC **ppdesc);
199 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
200                               uint32 security_info_sent,
201                               SEC_DESC *psd);
202 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
203                              const char *name, uint32 security_info_sent,
204                              SEC_DESC *psd);
205 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
206                            const char *path, mode_t mode);
207 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
208                                      mode_t mode);
209 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
210                                    SMB_ACL_T theacl, int entry_id,
211                                    SMB_ACL_ENTRY_T *entry_p);
212 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
213                                       SMB_ACL_ENTRY_T entry_d,
214                                       SMB_ACL_TAG_T *tag_type_p);
215 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
216                                      SMB_ACL_ENTRY_T entry_d,
217                                      SMB_ACL_PERMSET_T *permset_p);
218 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
219                                           SMB_ACL_ENTRY_T entry_d);
220 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
221                                         const char *path_p,
222                                         SMB_ACL_TYPE_T type);
223 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
224                                       files_struct *fsp);
225 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
226                                      SMB_ACL_PERMSET_T permset);
227 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
228                                   SMB_ACL_PERMSET_T permset,
229                                   SMB_ACL_PERM_T perm);
230 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
231                                     SMB_ACL_T theacl,
232                                     ssize_t *plen);
233 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
234                                     int count);
235 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
236                                       SMB_ACL_T *pacl,
237                                       SMB_ACL_ENTRY_T *pentry);
238 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
239                                       SMB_ACL_ENTRY_T entry,
240                                       SMB_ACL_TAG_T tagtype);
241 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
242                                        SMB_ACL_ENTRY_T entry,
243                                        void *qual);
244 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
245                                      SMB_ACL_ENTRY_T entry,
246                                      SMB_ACL_PERMSET_T permset);
247 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
248                                SMB_ACL_T theacl );
249 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
250                                   const char *name, SMB_ACL_TYPE_T acltype,
251                                   SMB_ACL_T theacl);
252 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
253                                 SMB_ACL_T theacl);
254 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
255                                          const char *path);
256 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
257                                   SMB_ACL_PERMSET_T permset,
258                                   SMB_ACL_PERM_T perm);
259 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
260                                    char *text);
261 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
262                                   SMB_ACL_T posix_acl);
263 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
264                                         void *qualifier,
265                                         SMB_ACL_TAG_T tagtype);
266 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
267                               const char *path,
268                               const char *name, void *value, size_t size);
269 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
270                                const char *path, const char *name,
271                                void *value, size_t size);
272 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
273                                struct files_struct *fsp,
274                                const char *name, void *value, size_t size);
275 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
276                                const char *path, char *list, size_t size);
277 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
278                                 const char *path, char *list, size_t size);
279 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
280                                 struct files_struct *fsp, char *list,
281                                 size_t size);
282 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
283                              const char *path,
284                              const char *name);
285 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
286                               const char *path,
287                               const char *name);
288 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
289                               struct files_struct *fsp,
290                               const char *name);
291 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
292                           const char *path,
293                           const char *name, const void *value, size_t size,
294                           int flags);
295 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
296                            const char *path,
297                            const char *name, const void *value, size_t size,
298                            int flags);
299 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
300                            struct files_struct *fsp, const char *name,
301                            const void *value, size_t size, int flags);
302
303 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
304 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
305 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
306 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
307 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
308 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
309 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
310
311 /* VFS operations */
312
313 static vfs_op_tuple audit_op_tuples[] = {
314     
315         /* Disk operations */
316
317         {SMB_VFS_OP(smb_full_audit_connect),    SMB_VFS_OP_CONNECT,
318          SMB_VFS_LAYER_LOGGER},
319         {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
320          SMB_VFS_LAYER_LOGGER},
321         {SMB_VFS_OP(smb_full_audit_disk_free),  SMB_VFS_OP_DISK_FREE,
322          SMB_VFS_LAYER_LOGGER},
323         {SMB_VFS_OP(smb_full_audit_get_quota),  SMB_VFS_OP_GET_QUOTA,
324          SMB_VFS_LAYER_LOGGER},
325         {SMB_VFS_OP(smb_full_audit_set_quota),  SMB_VFS_OP_SET_QUOTA,
326          SMB_VFS_LAYER_LOGGER},
327         {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
328          SMB_VFS_LAYER_LOGGER},
329         {SMB_VFS_OP(smb_full_audit_statvfs),    SMB_VFS_OP_STATVFS,
330          SMB_VFS_LAYER_LOGGER},
331
332         /* Directory operations */
333
334         {SMB_VFS_OP(smb_full_audit_opendir),    SMB_VFS_OP_OPENDIR,
335          SMB_VFS_LAYER_LOGGER},
336         {SMB_VFS_OP(smb_full_audit_readdir),    SMB_VFS_OP_READDIR,
337          SMB_VFS_LAYER_LOGGER},
338         {SMB_VFS_OP(smb_full_audit_seekdir),    SMB_VFS_OP_SEEKDIR,
339          SMB_VFS_LAYER_LOGGER},
340         {SMB_VFS_OP(smb_full_audit_telldir),    SMB_VFS_OP_TELLDIR,
341          SMB_VFS_LAYER_LOGGER},
342         {SMB_VFS_OP(smb_full_audit_rewinddir),  SMB_VFS_OP_REWINDDIR,
343          SMB_VFS_LAYER_LOGGER},
344         {SMB_VFS_OP(smb_full_audit_mkdir),      SMB_VFS_OP_MKDIR,
345          SMB_VFS_LAYER_LOGGER},
346         {SMB_VFS_OP(smb_full_audit_rmdir),      SMB_VFS_OP_RMDIR,
347          SMB_VFS_LAYER_LOGGER},
348         {SMB_VFS_OP(smb_full_audit_closedir),   SMB_VFS_OP_CLOSEDIR,
349          SMB_VFS_LAYER_LOGGER},
350
351         /* File operations */
352
353         {SMB_VFS_OP(smb_full_audit_open),       SMB_VFS_OP_OPEN,
354          SMB_VFS_LAYER_LOGGER},
355         {SMB_VFS_OP(smb_full_audit_close),      SMB_VFS_OP_CLOSE,
356          SMB_VFS_LAYER_LOGGER},
357         {SMB_VFS_OP(smb_full_audit_read),       SMB_VFS_OP_READ,
358          SMB_VFS_LAYER_LOGGER},
359         {SMB_VFS_OP(smb_full_audit_pread),      SMB_VFS_OP_PREAD,
360          SMB_VFS_LAYER_LOGGER},
361         {SMB_VFS_OP(smb_full_audit_write),      SMB_VFS_OP_WRITE,
362          SMB_VFS_LAYER_LOGGER},
363         {SMB_VFS_OP(smb_full_audit_pwrite),     SMB_VFS_OP_PWRITE,
364          SMB_VFS_LAYER_LOGGER},
365         {SMB_VFS_OP(smb_full_audit_lseek),      SMB_VFS_OP_LSEEK,
366          SMB_VFS_LAYER_LOGGER},
367         {SMB_VFS_OP(smb_full_audit_sendfile),   SMB_VFS_OP_SENDFILE,
368          SMB_VFS_LAYER_LOGGER},
369         {SMB_VFS_OP(smb_full_audit_recvfile),   SMB_VFS_OP_RECVFILE,
370          SMB_VFS_LAYER_LOGGER},
371         {SMB_VFS_OP(smb_full_audit_rename),     SMB_VFS_OP_RENAME,
372          SMB_VFS_LAYER_LOGGER},
373         {SMB_VFS_OP(smb_full_audit_fsync),      SMB_VFS_OP_FSYNC,
374          SMB_VFS_LAYER_LOGGER},
375         {SMB_VFS_OP(smb_full_audit_stat),       SMB_VFS_OP_STAT,
376          SMB_VFS_LAYER_LOGGER},
377         {SMB_VFS_OP(smb_full_audit_fstat),      SMB_VFS_OP_FSTAT,
378          SMB_VFS_LAYER_LOGGER},
379         {SMB_VFS_OP(smb_full_audit_lstat),      SMB_VFS_OP_LSTAT,
380          SMB_VFS_LAYER_LOGGER},
381         {SMB_VFS_OP(smb_full_audit_unlink),     SMB_VFS_OP_UNLINK,
382          SMB_VFS_LAYER_LOGGER},
383         {SMB_VFS_OP(smb_full_audit_chmod),      SMB_VFS_OP_CHMOD,
384          SMB_VFS_LAYER_LOGGER},
385         {SMB_VFS_OP(smb_full_audit_fchmod),     SMB_VFS_OP_FCHMOD,
386          SMB_VFS_LAYER_LOGGER},
387         {SMB_VFS_OP(smb_full_audit_chown),      SMB_VFS_OP_CHOWN,
388          SMB_VFS_LAYER_LOGGER},
389         {SMB_VFS_OP(smb_full_audit_fchown),     SMB_VFS_OP_FCHOWN,
390          SMB_VFS_LAYER_LOGGER},
391         {SMB_VFS_OP(smb_full_audit_lchown),     SMB_VFS_OP_LCHOWN,
392          SMB_VFS_LAYER_LOGGER},
393         {SMB_VFS_OP(smb_full_audit_chdir),      SMB_VFS_OP_CHDIR,
394          SMB_VFS_LAYER_LOGGER},
395         {SMB_VFS_OP(smb_full_audit_getwd),      SMB_VFS_OP_GETWD,
396          SMB_VFS_LAYER_LOGGER},
397         {SMB_VFS_OP(smb_full_audit_ntimes),     SMB_VFS_OP_NTIMES,
398          SMB_VFS_LAYER_LOGGER},
399         {SMB_VFS_OP(smb_full_audit_ftruncate),  SMB_VFS_OP_FTRUNCATE,
400          SMB_VFS_LAYER_LOGGER},
401         {SMB_VFS_OP(smb_full_audit_lock),       SMB_VFS_OP_LOCK,
402          SMB_VFS_LAYER_LOGGER},
403         {SMB_VFS_OP(smb_full_audit_kernel_flock),       SMB_VFS_OP_KERNEL_FLOCK,
404          SMB_VFS_LAYER_LOGGER},
405         {SMB_VFS_OP(smb_full_audit_linux_setlease),       SMB_VFS_OP_LINUX_SETLEASE,
406          SMB_VFS_LAYER_LOGGER},
407         {SMB_VFS_OP(smb_full_audit_getlock),    SMB_VFS_OP_GETLOCK,
408          SMB_VFS_LAYER_LOGGER},
409         {SMB_VFS_OP(smb_full_audit_symlink),    SMB_VFS_OP_SYMLINK,
410          SMB_VFS_LAYER_LOGGER},
411         {SMB_VFS_OP(smb_full_audit_readlink),   SMB_VFS_OP_READLINK,
412          SMB_VFS_LAYER_LOGGER},
413         {SMB_VFS_OP(smb_full_audit_link),       SMB_VFS_OP_LINK,
414          SMB_VFS_LAYER_LOGGER},
415         {SMB_VFS_OP(smb_full_audit_mknod),      SMB_VFS_OP_MKNOD,
416          SMB_VFS_LAYER_LOGGER},
417         {SMB_VFS_OP(smb_full_audit_realpath),   SMB_VFS_OP_REALPATH,
418          SMB_VFS_LAYER_LOGGER},
419         {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
420          SMB_VFS_LAYER_LOGGER},
421         {SMB_VFS_OP(smb_full_audit_chflags),    SMB_VFS_OP_CHFLAGS,
422          SMB_VFS_LAYER_LOGGER},
423         {SMB_VFS_OP(smb_full_audit_file_id_create),     SMB_VFS_OP_FILE_ID_CREATE,
424          SMB_VFS_LAYER_LOGGER},
425
426         /* NT ACL operations. */
427
428         {SMB_VFS_OP(smb_full_audit_fget_nt_acl),        SMB_VFS_OP_FGET_NT_ACL,
429          SMB_VFS_LAYER_LOGGER},
430         {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
431          SMB_VFS_LAYER_LOGGER},
432         {SMB_VFS_OP(smb_full_audit_fset_nt_acl),        SMB_VFS_OP_FSET_NT_ACL,
433          SMB_VFS_LAYER_LOGGER},
434         {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
435          SMB_VFS_LAYER_LOGGER},
436
437         /* POSIX ACL operations. */
438
439         {SMB_VFS_OP(smb_full_audit_chmod_acl),  SMB_VFS_OP_CHMOD_ACL,
440          SMB_VFS_LAYER_LOGGER},
441         {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
442          SMB_VFS_LAYER_LOGGER},
443         {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry),  SMB_VFS_OP_SYS_ACL_GET_ENTRY,
444          SMB_VFS_LAYER_LOGGER},
445         {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type),       SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
446          SMB_VFS_LAYER_LOGGER},
447         {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset),        SMB_VFS_OP_SYS_ACL_GET_PERMSET,
448          SMB_VFS_LAYER_LOGGER},
449         {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier),      SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
450          SMB_VFS_LAYER_LOGGER},
451         {SMB_VFS_OP(smb_full_audit_sys_acl_get_file),   SMB_VFS_OP_SYS_ACL_GET_FILE,
452          SMB_VFS_LAYER_LOGGER},
453 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd),     SMB_VFS_OP_SYS_ACL_GET_FD,
454          SMB_VFS_LAYER_LOGGER},
455         {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms),        SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
456          SMB_VFS_LAYER_LOGGER},
457         {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm),   SMB_VFS_OP_SYS_ACL_ADD_PERM,
458          SMB_VFS_LAYER_LOGGER},
459         {SMB_VFS_OP(smb_full_audit_sys_acl_to_text),    SMB_VFS_OP_SYS_ACL_TO_TEXT,
460          SMB_VFS_LAYER_LOGGER},
461         {SMB_VFS_OP(smb_full_audit_sys_acl_init),       SMB_VFS_OP_SYS_ACL_INIT,
462          SMB_VFS_LAYER_LOGGER},
463         {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry),       SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
464          SMB_VFS_LAYER_LOGGER},
465         {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type),       SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
466          SMB_VFS_LAYER_LOGGER},
467         {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier),      SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
468          SMB_VFS_LAYER_LOGGER},
469         {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset),        SMB_VFS_OP_SYS_ACL_SET_PERMSET,
470          SMB_VFS_LAYER_LOGGER},
471         {SMB_VFS_OP(smb_full_audit_sys_acl_valid),      SMB_VFS_OP_SYS_ACL_VALID,
472          SMB_VFS_LAYER_LOGGER},
473         {SMB_VFS_OP(smb_full_audit_sys_acl_set_file),   SMB_VFS_OP_SYS_ACL_SET_FILE,
474          SMB_VFS_LAYER_LOGGER},
475         {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd),     SMB_VFS_OP_SYS_ACL_SET_FD,
476          SMB_VFS_LAYER_LOGGER},
477         {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file),    SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
478          SMB_VFS_LAYER_LOGGER},
479         {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm),   SMB_VFS_OP_SYS_ACL_GET_PERM,
480          SMB_VFS_LAYER_LOGGER},
481         {SMB_VFS_OP(smb_full_audit_sys_acl_free_text),  SMB_VFS_OP_SYS_ACL_FREE_TEXT,
482          SMB_VFS_LAYER_LOGGER},
483         {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl),   SMB_VFS_OP_SYS_ACL_FREE_ACL,
484          SMB_VFS_LAYER_LOGGER},
485         {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier),     SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
486          SMB_VFS_LAYER_LOGGER},
487         
488         /* EA operations. */
489
490         {SMB_VFS_OP(smb_full_audit_getxattr),   SMB_VFS_OP_GETXATTR,
491          SMB_VFS_LAYER_LOGGER},
492         {SMB_VFS_OP(smb_full_audit_lgetxattr),  SMB_VFS_OP_LGETXATTR,
493          SMB_VFS_LAYER_LOGGER},
494         {SMB_VFS_OP(smb_full_audit_fgetxattr),  SMB_VFS_OP_FGETXATTR,
495          SMB_VFS_LAYER_LOGGER},
496         {SMB_VFS_OP(smb_full_audit_listxattr),  SMB_VFS_OP_LISTXATTR,
497          SMB_VFS_LAYER_LOGGER},
498         {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
499          SMB_VFS_LAYER_LOGGER},
500         {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
501          SMB_VFS_LAYER_LOGGER},
502         {SMB_VFS_OP(smb_full_audit_removexattr),        SMB_VFS_OP_REMOVEXATTR,
503          SMB_VFS_LAYER_LOGGER},
504         {SMB_VFS_OP(smb_full_audit_lremovexattr),       SMB_VFS_OP_LREMOVEXATTR,
505          SMB_VFS_LAYER_LOGGER},
506         {SMB_VFS_OP(smb_full_audit_fremovexattr),       SMB_VFS_OP_FREMOVEXATTR,
507          SMB_VFS_LAYER_LOGGER},
508         {SMB_VFS_OP(smb_full_audit_setxattr),   SMB_VFS_OP_SETXATTR,
509          SMB_VFS_LAYER_LOGGER},
510         {SMB_VFS_OP(smb_full_audit_lsetxattr),  SMB_VFS_OP_LSETXATTR,
511          SMB_VFS_LAYER_LOGGER},
512         {SMB_VFS_OP(smb_full_audit_fsetxattr),  SMB_VFS_OP_FSETXATTR,
513          SMB_VFS_LAYER_LOGGER},
514         
515         {SMB_VFS_OP(smb_full_audit_aio_read),   SMB_VFS_OP_AIO_READ,
516          SMB_VFS_LAYER_LOGGER},
517         {SMB_VFS_OP(smb_full_audit_aio_write),  SMB_VFS_OP_AIO_WRITE,
518          SMB_VFS_LAYER_LOGGER},
519         {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
520          SMB_VFS_LAYER_LOGGER},
521         {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
522          SMB_VFS_LAYER_LOGGER},
523         {SMB_VFS_OP(smb_full_audit_aio_error),  SMB_VFS_OP_AIO_ERROR,
524          SMB_VFS_LAYER_LOGGER},
525         {SMB_VFS_OP(smb_full_audit_aio_fsync),  SMB_VFS_OP_AIO_FSYNC,
526          SMB_VFS_LAYER_LOGGER},
527         {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
528          SMB_VFS_LAYER_LOGGER},
529
530         /* Finish VFS operations definition */
531         
532         {SMB_VFS_OP(NULL),              SMB_VFS_OP_NOOP,
533          SMB_VFS_LAYER_NOOP}
534 };
535
536 /* The following array *must* be in the same order as defined in vfs.h */
537
538 static struct {
539         vfs_op_type type;
540         const char *name;
541 } vfs_op_names[] = {
542         { SMB_VFS_OP_CONNECT,   "connect" },
543         { SMB_VFS_OP_DISCONNECT,        "disconnect" },
544         { SMB_VFS_OP_DISK_FREE, "disk_free" },
545         { SMB_VFS_OP_GET_QUOTA, "get_quota" },
546         { SMB_VFS_OP_SET_QUOTA, "set_quota" },
547         { SMB_VFS_OP_GET_SHADOW_COPY_DATA,      "get_shadow_copy_data" },
548         { SMB_VFS_OP_STATVFS,   "statvfs" },
549         { SMB_VFS_OP_OPENDIR,   "opendir" },
550         { SMB_VFS_OP_READDIR,   "readdir" },
551         { SMB_VFS_OP_SEEKDIR,   "seekdir" },
552         { SMB_VFS_OP_TELLDIR,   "telldir" },
553         { SMB_VFS_OP_REWINDDIR, "rewinddir" },
554         { SMB_VFS_OP_MKDIR,     "mkdir" },
555         { SMB_VFS_OP_RMDIR,     "rmdir" },
556         { SMB_VFS_OP_CLOSEDIR,  "closedir" },
557         { SMB_VFS_OP_OPEN,      "open" },
558         { SMB_VFS_OP_CLOSE,     "close" },
559         { SMB_VFS_OP_READ,      "read" },
560         { SMB_VFS_OP_PREAD,     "pread" },
561         { SMB_VFS_OP_WRITE,     "write" },
562         { SMB_VFS_OP_PWRITE,    "pwrite" },
563         { SMB_VFS_OP_LSEEK,     "lseek" },
564         { SMB_VFS_OP_SENDFILE,  "sendfile" },
565         { SMB_VFS_OP_RENAME,    "rename" },
566         { SMB_VFS_OP_FSYNC,     "fsync" },
567         { SMB_VFS_OP_STAT,      "stat" },
568         { SMB_VFS_OP_FSTAT,     "fstat" },
569         { SMB_VFS_OP_LSTAT,     "lstat" },
570         { SMB_VFS_OP_UNLINK,    "unlink" },
571         { SMB_VFS_OP_CHMOD,     "chmod" },
572         { SMB_VFS_OP_FCHMOD,    "fchmod" },
573         { SMB_VFS_OP_CHOWN,     "chown" },
574         { SMB_VFS_OP_FCHOWN,    "fchown" },
575         { SMB_VFS_OP_LCHOWN,    "lchown" },
576         { SMB_VFS_OP_CHDIR,     "chdir" },
577         { SMB_VFS_OP_GETWD,     "getwd" },
578         { SMB_VFS_OP_NTIMES,    "ntimes" },
579         { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
580         { SMB_VFS_OP_LOCK,      "lock" },
581         { SMB_VFS_OP_KERNEL_FLOCK,      "kernel_flock" },
582         { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
583         { SMB_VFS_OP_GETLOCK,   "getlock" },
584         { SMB_VFS_OP_SYMLINK,   "symlink" },
585         { SMB_VFS_OP_READLINK,  "readlink" },
586         { SMB_VFS_OP_LINK,      "link" },
587         { SMB_VFS_OP_MKNOD,     "mknod" },
588         { SMB_VFS_OP_REALPATH,  "realpath" },
589         { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
590         { SMB_VFS_OP_CHFLAGS,   "chflags" },
591         { SMB_VFS_OP_FILE_ID_CREATE,    "file_id_create" },
592         { SMB_VFS_OP_FGET_NT_ACL,       "fget_nt_acl" },
593         { SMB_VFS_OP_GET_NT_ACL,        "get_nt_acl" },
594         { SMB_VFS_OP_FSET_NT_ACL,       "fset_nt_acl" },
595         { SMB_VFS_OP_SET_NT_ACL,        "set_nt_acl" },
596         { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
597         { SMB_VFS_OP_FCHMOD_ACL,        "fchmod_acl" },
598         { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
599         { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,      "sys_acl_get_tag_type" },
600         { SMB_VFS_OP_SYS_ACL_GET_PERMSET,       "sys_acl_get_permset" },
601         { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,     "sys_acl_get_qualifier" },
602         { SMB_VFS_OP_SYS_ACL_GET_FILE,  "sys_acl_get_file" },
603         { SMB_VFS_OP_SYS_ACL_GET_FD,    "sys_acl_get_fd" },
604         { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,       "sys_acl_clear_perms" },
605         { SMB_VFS_OP_SYS_ACL_ADD_PERM,  "sys_acl_add_perm" },
606         { SMB_VFS_OP_SYS_ACL_TO_TEXT,   "sys_acl_to_text" },
607         { SMB_VFS_OP_SYS_ACL_INIT,      "sys_acl_init" },
608         { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,      "sys_acl_create_entry" },
609         { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,      "sys_acl_set_tag_type" },
610         { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,     "sys_acl_set_qualifier" },
611         { SMB_VFS_OP_SYS_ACL_SET_PERMSET,       "sys_acl_set_permset" },
612         { SMB_VFS_OP_SYS_ACL_VALID,     "sys_acl_valid" },
613         { SMB_VFS_OP_SYS_ACL_SET_FILE,  "sys_acl_set_file" },
614         { SMB_VFS_OP_SYS_ACL_SET_FD,    "sys_acl_set_fd" },
615         { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,   "sys_acl_delete_def_file" },
616         { SMB_VFS_OP_SYS_ACL_GET_PERM,  "sys_acl_get_perm" },
617         { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
618         { SMB_VFS_OP_SYS_ACL_FREE_ACL,  "sys_acl_free_acl" },
619         { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,    "sys_acl_free_qualifier" },
620         { SMB_VFS_OP_GETXATTR,  "getxattr" },
621         { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
622         { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
623         { SMB_VFS_OP_LISTXATTR, "listxattr" },
624         { SMB_VFS_OP_LLISTXATTR,        "llistxattr" },
625         { SMB_VFS_OP_FLISTXATTR,        "flistxattr" },
626         { SMB_VFS_OP_REMOVEXATTR,       "removexattr" },
627         { SMB_VFS_OP_LREMOVEXATTR,      "lremovexattr" },
628         { SMB_VFS_OP_FREMOVEXATTR,      "fremovexattr" },
629         { SMB_VFS_OP_SETXATTR,  "setxattr" },
630         { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
631         { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
632         { SMB_VFS_OP_AIO_READ,  "aio_read" },
633         { SMB_VFS_OP_AIO_WRITE, "aio_write" },
634         { SMB_VFS_OP_AIO_RETURN,"aio_return" },
635         { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
636         { SMB_VFS_OP_AIO_ERROR, "aio_error" },
637         { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
638         { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
639         { SMB_VFS_OP_LAST, NULL }
640 };      
641
642 static int audit_syslog_facility(vfs_handle_struct *handle)
643 {
644         static const struct enum_list enum_log_facilities[] = {
645                 { LOG_USER, "USER" },
646                 { LOG_LOCAL0, "LOCAL0" },
647                 { LOG_LOCAL1, "LOCAL1" },
648                 { LOG_LOCAL2, "LOCAL2" },
649                 { LOG_LOCAL3, "LOCAL3" },
650                 { LOG_LOCAL4, "LOCAL4" },
651                 { LOG_LOCAL5, "LOCAL5" },
652                 { LOG_LOCAL6, "LOCAL6" },
653                 { LOG_LOCAL7, "LOCAL7" }
654         };
655
656         int facility;
657
658         facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
659
660         return facility;
661 }
662
663 static int audit_syslog_priority(vfs_handle_struct *handle)
664 {
665         static const struct enum_list enum_log_priorities[] = {
666                 { LOG_EMERG, "EMERG" },
667                 { LOG_ALERT, "ALERT" },
668                 { LOG_CRIT, "CRIT" },
669                 { LOG_ERR, "ERR" },
670                 { LOG_WARNING, "WARNING" },
671                 { LOG_NOTICE, "NOTICE" },
672                 { LOG_INFO, "INFO" },
673                 { LOG_DEBUG, "DEBUG" }
674         };
675
676         int priority;
677
678         priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority", enum_log_priorities, LOG_NOTICE);
679
680         return priority;
681 }
682
683 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
684 {
685         char *prefix = NULL;
686
687         prefix = talloc_strdup(ctx,
688                         lp_parm_const_string(SNUM(conn), "full_audit",
689                                              "prefix", "%u|%I"));
690         if (!prefix) {
691                 return NULL;
692         }
693         return talloc_sub_advanced(ctx,
694                         lp_servicename(SNUM(conn)), conn->user,
695                         conn->connectpath, conn->gid,
696                         get_current_username(),
697                         current_user_info.domain,
698                         prefix);
699 }
700
701 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
702 {
703         struct vfs_full_audit_private_data *pd = NULL;
704
705         SMB_VFS_HANDLE_GET_DATA(handle, pd,
706                 struct vfs_full_audit_private_data,
707                 return True);
708
709         if (pd->success_ops == NULL) {
710                 return True;
711         }
712
713         return bitmap_query(pd->success_ops, op);
714 }
715
716 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
717 {
718         struct vfs_full_audit_private_data *pd = NULL;
719
720         SMB_VFS_HANDLE_GET_DATA(handle, pd,
721                 struct vfs_full_audit_private_data,
722                 return True);
723
724         if (pd->failure_ops == NULL)
725                 return True;
726
727         return bitmap_query(pd->failure_ops, op);
728 }
729
730 static void init_bitmap(struct bitmap **bm, const char **ops)
731 {
732         bool log_all = False;
733
734         if (*bm != NULL)
735                 return;
736
737         *bm = bitmap_allocate(SMB_VFS_OP_LAST);
738
739         if (*bm == NULL) {
740                 DEBUG(0, ("Could not alloc bitmap -- "
741                           "defaulting to logging everything\n"));
742                 return;
743         }
744
745         while (*ops != NULL) {
746                 int i;
747                 bool found = False;
748
749                 if (strequal(*ops, "all")) {
750                         log_all = True;
751                         break;
752                 }
753
754                 if (strequal(*ops, "none")) {
755                         break;
756                 }
757
758                 for (i=0; i<SMB_VFS_OP_LAST; i++) {
759                         if (vfs_op_names[i].name == NULL) {
760                                 smb_panic("vfs_full_audit.c: name table not "
761                                           "in sync with vfs.h\n");
762                         }
763
764                         if (strequal(*ops, vfs_op_names[i].name)) {
765                                 bitmap_set(*bm, i);
766                                 found = True;
767                         }
768                 }
769                 if (!found) {
770                         DEBUG(0, ("Could not find opname %s, logging all\n",
771                                   *ops));
772                         log_all = True;
773                         break;
774                 }
775                 ops += 1;
776         }
777
778         if (log_all) {
779                 /* The query functions default to True */
780                 bitmap_free(*bm);
781                 *bm = NULL;
782         }
783 }
784
785 static const char *audit_opname(vfs_op_type op)
786 {
787         if (op >= SMB_VFS_OP_LAST)
788                 return "INVALID VFS OP";
789         return vfs_op_names[op].name;
790 }
791
792 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
793                    const char *format, ...)
794 {
795         fstring err_msg;
796         char *audit_pre = NULL;
797         va_list ap;
798         char *op_msg = NULL;
799
800         if (success && (!log_success(handle, op)))
801                 return;
802
803         if (!success && (!log_failure(handle, op)))
804                 return;
805
806         if (success)
807                 fstrcpy(err_msg, "ok");
808         else
809                 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
810
811         va_start(ap, format);
812         op_msg = talloc_vasprintf(NULL, format, ap);
813         va_end(ap);
814
815         if (!op_msg) {
816                 return;
817         }
818
819         audit_pre = audit_prefix(NULL, handle->conn);
820         syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
821                 audit_pre ? audit_pre : "",
822                 audit_opname(op), err_msg, op_msg);
823
824         TALLOC_FREE(audit_pre);
825         TALLOC_FREE(op_msg);
826
827         return;
828 }
829
830 /* Free function for the private data. */
831
832 static void free_private_data(void **p_data)
833 {
834         struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
835
836         if (pd->success_ops) {
837                 bitmap_free(pd->success_ops);
838         }
839         if (pd->failure_ops) {
840                 bitmap_free(pd->failure_ops);
841         }
842         SAFE_FREE(pd);
843         *p_data = NULL;
844 }
845
846 /* Implementation of vfs_ops.  Pass everything on to the default
847    operation but log event first. */
848
849 static int smb_full_audit_connect(vfs_handle_struct *handle,
850                          const char *svc, const char *user)
851 {
852         int result;
853         struct vfs_full_audit_private_data *pd = NULL;
854         const char *none[] = { NULL };
855         const char *all [] = { "all" };
856
857         if (!handle) {
858                 return -1;
859         }
860
861         pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
862         if (!pd) {
863                 return -1;
864         }
865         ZERO_STRUCTP(pd);
866
867         openlog("smbd_audit", 0, audit_syslog_facility(handle));
868
869         init_bitmap(&pd->success_ops,
870                     lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
871                                         none));
872         init_bitmap(&pd->failure_ops,
873                     lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
874                                         all));
875
876         /* Store the private data. */
877         SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
878                                 struct vfs_full_audit_private_data, return -1);
879
880         result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
881
882         do_log(SMB_VFS_OP_CONNECT, True, handle,
883                "%s", svc);
884
885         return result;
886 }
887
888 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
889 {
890         SMB_VFS_NEXT_DISCONNECT(handle);
891
892         do_log(SMB_VFS_OP_DISCONNECT, True, handle,
893                "%s", lp_servicename(SNUM(handle->conn)));
894
895         /* The bitmaps will be disconnected when the private
896            data is deleted. */
897
898         return;
899 }
900
901 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
902                                     const char *path,
903                                     bool small_query, SMB_BIG_UINT *bsize, 
904                                     SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
905 {
906         SMB_BIG_UINT result;
907
908         result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
909                                         dfree, dsize);
910
911         /* Don't have a reasonable notion of failure here */
912
913         do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
914
915         return result;
916 }
917
918 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
919                            enum SMB_QUOTA_TYPE qtype, unid_t id,
920                            SMB_DISK_QUOTA *qt)
921 {
922         int result;
923
924         result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
925
926         do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
927
928         return result;
929 }
930
931         
932 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
933                            enum SMB_QUOTA_TYPE qtype, unid_t id,
934                            SMB_DISK_QUOTA *qt)
935 {
936         int result;
937
938         result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
939
940         do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
941
942         return result;
943 }
944
945 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
946                                 struct files_struct *fsp,
947                                 SHADOW_COPY_DATA *shadow_copy_data, bool labels)
948 {
949         int result;
950
951         result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
952
953         do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
954
955         return result;
956 }
957
958 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
959                                 const char *path,
960                                 struct vfs_statvfs_struct *statbuf)
961 {
962         int result;
963
964         result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
965
966         do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
967
968         return result;
969 }
970
971 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
972                           const char *fname, const char *mask, uint32 attr)
973 {
974         SMB_STRUCT_DIR *result;
975
976         result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
977
978         do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
979
980         return result;
981 }
982
983 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
984                                     SMB_STRUCT_DIR *dirp)
985 {
986         SMB_STRUCT_DIRENT *result;
987
988         result = SMB_VFS_NEXT_READDIR(handle, dirp);
989
990         /* This operation has no reasonable error condition
991          * (End of dir is also failure), so always succeed.
992          */
993         do_log(SMB_VFS_OP_READDIR, True, handle, "");
994
995         return result;
996 }
997
998 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
999                         SMB_STRUCT_DIR *dirp, long offset)
1000 {
1001         SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
1002
1003         do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
1004         return;
1005 }
1006
1007 static long smb_full_audit_telldir(vfs_handle_struct *handle,
1008                         SMB_STRUCT_DIR *dirp)
1009 {
1010         long result;
1011
1012         result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
1013
1014         do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1015
1016         return result;
1017 }
1018
1019 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1020                         SMB_STRUCT_DIR *dirp)
1021 {
1022         SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1023
1024         do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1025         return;
1026 }
1027
1028 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1029                        const char *path, mode_t mode)
1030 {
1031         int result;
1032         
1033         result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1034         
1035         do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1036
1037         return result;
1038 }
1039
1040 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1041                        const char *path)
1042 {
1043         int result;
1044         
1045         result = SMB_VFS_NEXT_RMDIR(handle, path);
1046
1047         do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1048
1049         return result;
1050 }
1051
1052 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1053                           SMB_STRUCT_DIR *dirp)
1054 {
1055         int result;
1056
1057         result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1058         
1059         do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1060
1061         return result;
1062 }
1063
1064 static int smb_full_audit_open(vfs_handle_struct *handle,
1065                       const char *fname, files_struct *fsp, int flags, mode_t mode)
1066 {
1067         int result;
1068         
1069         result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1070
1071         do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1072                ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1073                fname);
1074
1075         return result;
1076 }
1077
1078 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
1079 {
1080         int result;
1081         
1082         result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
1083
1084         do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1085
1086         return result;
1087 }
1088
1089 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1090                           void *data, size_t n)
1091 {
1092         ssize_t result;
1093
1094         result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
1095
1096         do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1097
1098         return result;
1099 }
1100
1101 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1102                            void *data, size_t n, SMB_OFF_T offset)
1103 {
1104         ssize_t result;
1105
1106         result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1107
1108         do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1109
1110         return result;
1111 }
1112
1113 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1114                            int fd, const void *data, size_t n)
1115 {
1116         ssize_t result;
1117
1118         result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
1119
1120         do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1121
1122         return result;
1123 }
1124
1125 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1126                             const void *data, size_t n,
1127                             SMB_OFF_T offset)
1128 {
1129         ssize_t result;
1130
1131         result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1132
1133         do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1134
1135         return result;
1136 }
1137
1138 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1139                              SMB_OFF_T offset, int whence)
1140 {
1141         ssize_t result;
1142
1143         result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1144
1145         do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1146                "%s", fsp->fsp_name);
1147
1148         return result;
1149 }
1150
1151 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1152                               files_struct *fsp, int fromfd,
1153                               const DATA_BLOB *hdr, SMB_OFF_T offset,
1154                               size_t n)
1155 {
1156         ssize_t result;
1157
1158         result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
1159                                        offset, n);
1160
1161         do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1162                "%s", fsp->fsp_name);
1163
1164         return result;
1165 }
1166
1167 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1168                               files_struct *fsp, int tofd,
1169                               SMB_OFF_T offset,
1170                               size_t n)
1171 {
1172         ssize_t result;
1173
1174         result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, fsp, tofd,
1175                                        offset, n);
1176
1177         do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1178                "%s", fsp->fsp_name);
1179
1180         return result;
1181 }
1182
1183 static int smb_full_audit_rename(vfs_handle_struct *handle,
1184                         const char *oldname, const char *newname)
1185 {
1186         int result;
1187         
1188         result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1189
1190         do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1191
1192         return result;    
1193 }
1194
1195 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1196 {
1197         int result;
1198         
1199         result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1200
1201         do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1202
1203         return result;    
1204 }
1205
1206 static int smb_full_audit_stat(vfs_handle_struct *handle,
1207                       const char *fname, SMB_STRUCT_STAT *sbuf)
1208 {
1209         int result;
1210         
1211         result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1212
1213         do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1214
1215         return result;    
1216 }
1217
1218 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1219                        SMB_STRUCT_STAT *sbuf)
1220 {
1221         int result;
1222         
1223         result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1224
1225         do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1226
1227         return result;
1228 }
1229
1230 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1231                        const char *path, SMB_STRUCT_STAT *sbuf)
1232 {
1233         int result;
1234         
1235         result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1236
1237         do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1238
1239         return result;    
1240 }
1241
1242 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1243                         const char *path)
1244 {
1245         int result;
1246         
1247         result = SMB_VFS_NEXT_UNLINK(handle, path);
1248
1249         do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1250
1251         return result;
1252 }
1253
1254 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1255                        const char *path, mode_t mode)
1256 {
1257         int result;
1258
1259         result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1260
1261         do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1262
1263         return result;
1264 }
1265
1266 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1267                         mode_t mode)
1268 {
1269         int result;
1270         
1271         result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1272
1273         do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1274                "%s|%o", fsp->fsp_name, mode);
1275
1276         return result;
1277 }
1278
1279 static int smb_full_audit_chown(vfs_handle_struct *handle,
1280                        const char *path, uid_t uid, gid_t gid)
1281 {
1282         int result;
1283
1284         result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1285
1286         do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1287                path, (long int)uid, (long int)gid);
1288
1289         return result;
1290 }
1291
1292 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1293                         uid_t uid, gid_t gid)
1294 {
1295         int result;
1296
1297         result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1298
1299         do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1300                fsp->fsp_name, (long int)uid, (long int)gid);
1301
1302         return result;
1303 }
1304
1305 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1306                        const char *path, uid_t uid, gid_t gid)
1307 {
1308         int result;
1309
1310         result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1311
1312         do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1313                path, (long int)uid, (long int)gid);
1314
1315         return result;
1316 }
1317
1318 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1319                        const char *path)
1320 {
1321         int result;
1322
1323         result = SMB_VFS_NEXT_CHDIR(handle, path);
1324
1325         do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1326
1327         return result;
1328 }
1329
1330 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1331                          char *path)
1332 {
1333         char *result;
1334
1335         result = SMB_VFS_NEXT_GETWD(handle, path);
1336         
1337         do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1338
1339         return result;
1340 }
1341
1342 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1343                        const char *path, const struct timespec ts[2])
1344 {
1345         int result;
1346
1347         result = SMB_VFS_NEXT_NTIMES(handle, path, ts);
1348
1349         do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1350
1351         return result;
1352 }
1353
1354 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1355                            SMB_OFF_T len)
1356 {
1357         int result;
1358
1359         result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1360
1361         do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1362                "%s", fsp->fsp_name);
1363
1364         return result;
1365 }
1366
1367 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1368                        int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1369 {
1370         bool result;
1371
1372         result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1373
1374         do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp->fsp_name);
1375
1376         return result;
1377 }
1378
1379 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1380                                        struct files_struct *fsp,
1381                                        uint32 share_mode)
1382 {
1383         int result;
1384
1385         result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode);
1386
1387         do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1388                fsp->fsp_name);
1389
1390         return result;
1391 }
1392
1393 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1394                                  int leasetype)
1395 {
1396         int result;
1397
1398         result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1399
1400         do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1401                fsp->fsp_name);
1402
1403         return result;
1404 }
1405
1406 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1407                        SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1408 {
1409         bool result;
1410
1411         result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1412
1413         do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp->fsp_name);
1414
1415         return result;
1416 }
1417
1418 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1419                          const char *oldpath, const char *newpath)
1420 {
1421         int result;
1422
1423         result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1424
1425         do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1426                "%s|%s", oldpath, newpath);
1427
1428         return result;
1429 }
1430
1431 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1432                           const char *path, char *buf, size_t bufsiz)
1433 {
1434         int result;
1435
1436         result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1437
1438         do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1439
1440         return result;
1441 }
1442
1443 static int smb_full_audit_link(vfs_handle_struct *handle,
1444                       const char *oldpath, const char *newpath)
1445 {
1446         int result;
1447
1448         result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1449
1450         do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1451                "%s|%s", oldpath, newpath);
1452
1453         return result;
1454 }
1455
1456 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1457                        const char *pathname, mode_t mode, SMB_DEV_T dev)
1458 {
1459         int result;
1460
1461         result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1462
1463         do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1464
1465         return result;
1466 }
1467
1468 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1469                             const char *path, char *resolved_path)
1470 {
1471         char *result;
1472
1473         result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1474
1475         do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1476
1477         return result;
1478 }
1479
1480 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1481                         struct sys_notify_context *ctx,
1482                         struct notify_entry *e,
1483                         void (*callback)(struct sys_notify_context *ctx,
1484                                         void *private_data,
1485                                         struct notify_event *ev),
1486                         void *private_data, void *handle_p)
1487 {
1488         NTSTATUS result;
1489
1490         result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1491
1492         do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1493
1494         return result;
1495 }
1496
1497 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1498                             const char *path, unsigned int flags)
1499 {
1500         int result;
1501
1502         result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1503
1504         do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1505
1506         return result;
1507 }
1508
1509 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1510                                                     SMB_DEV_T dev, SMB_INO_T inode)
1511 {
1512         struct file_id id_zero;
1513         struct file_id result;
1514
1515         ZERO_STRUCT(id_zero);
1516
1517         result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode);
1518
1519         do_log(SMB_VFS_OP_FILE_ID_CREATE,
1520                !file_id_equal(&id_zero, &result),
1521                handle, "%s", file_id_string_tos(&result));
1522
1523         return result;
1524 }
1525
1526 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1527                                 uint32 security_info,
1528                                 SEC_DESC **ppdesc)
1529 {
1530         NTSTATUS result;
1531
1532         result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1533
1534         do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1535                "%s", fsp->fsp_name);
1536
1537         return result;
1538 }
1539
1540 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1541                                           files_struct *fsp,
1542                                           const char *name,
1543                                           uint32 security_info,
1544                                           SEC_DESC **ppdesc)
1545 {
1546         NTSTATUS result;
1547
1548         result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1549
1550         do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1551                "%s", fsp->fsp_name);
1552
1553         return result;
1554 }
1555
1556 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1557                               uint32 security_info_sent,
1558                               SEC_DESC *psd)
1559 {
1560         NTSTATUS result;
1561
1562         result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1563
1564         do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1565
1566         return result;
1567 }
1568
1569 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1570                              const char *name, uint32 security_info_sent,
1571                              SEC_DESC *psd)
1572 {
1573         NTSTATUS result;
1574
1575         result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1576                                          psd);
1577
1578         do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1579
1580         return result;
1581 }
1582
1583 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1584                            const char *path, mode_t mode)
1585 {
1586         int result;
1587         
1588         result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1589
1590         do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1591                "%s|%o", path, mode);
1592
1593         return result;
1594 }
1595
1596 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1597                                      mode_t mode)
1598 {
1599         int result;
1600         
1601         result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1602
1603         do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1604                "%s|%o", fsp->fsp_name, mode);
1605
1606         return result;
1607 }
1608
1609 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1610
1611                                    SMB_ACL_T theacl, int entry_id,
1612                                    SMB_ACL_ENTRY_T *entry_p)
1613 {
1614         int result;
1615
1616         result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1617                                                 entry_p);
1618
1619         do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1620                "");
1621
1622         return result;
1623 }
1624
1625 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1626
1627                                       SMB_ACL_ENTRY_T entry_d,
1628                                       SMB_ACL_TAG_T *tag_type_p)
1629 {
1630         int result;
1631
1632         result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1633                                                    tag_type_p);
1634
1635         do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1636                "");
1637
1638         return result;
1639 }
1640
1641 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1642
1643                                      SMB_ACL_ENTRY_T entry_d,
1644                                      SMB_ACL_PERMSET_T *permset_p)
1645 {
1646         int result;
1647
1648         result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1649                                                   permset_p);
1650
1651         do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1652                "");
1653
1654         return result;
1655 }
1656
1657 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1658
1659                                           SMB_ACL_ENTRY_T entry_d)
1660 {
1661         void *result;
1662
1663         result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1664
1665         do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1666                "");
1667
1668         return result;
1669 }
1670
1671 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1672                                         const char *path_p,
1673                                         SMB_ACL_TYPE_T type)
1674 {
1675         SMB_ACL_T result;
1676
1677         result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1678
1679         do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1680                "%s", path_p);
1681
1682         return result;
1683 }
1684
1685 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1686                                       files_struct *fsp)
1687 {
1688         SMB_ACL_T result;
1689
1690         result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1691
1692         do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1693                "%s", fsp->fsp_name);
1694
1695         return result;
1696 }
1697
1698 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1699
1700                                      SMB_ACL_PERMSET_T permset)
1701 {
1702         int result;
1703
1704         result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1705
1706         do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1707                "");
1708
1709         return result;
1710 }
1711
1712 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1713
1714                                   SMB_ACL_PERMSET_T permset,
1715                                   SMB_ACL_PERM_T perm)
1716 {
1717         int result;
1718
1719         result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1720
1721         do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1722                "");
1723
1724         return result;
1725 }
1726
1727 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1728                                     SMB_ACL_T theacl,
1729                                     ssize_t *plen)
1730 {
1731         char * result;
1732
1733         result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1734
1735         do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1736                "");
1737
1738         return result;
1739 }
1740
1741 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1742
1743                                     int count)
1744 {
1745         SMB_ACL_T result;
1746
1747         result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1748
1749         do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1750                "");
1751
1752         return result;
1753 }
1754
1755 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1756                                       SMB_ACL_T *pacl,
1757                                       SMB_ACL_ENTRY_T *pentry)
1758 {
1759         int result;
1760
1761         result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1762
1763         do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1764                "");
1765
1766         return result;
1767 }
1768
1769 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1770
1771                                       SMB_ACL_ENTRY_T entry,
1772                                       SMB_ACL_TAG_T tagtype)
1773 {
1774         int result;
1775
1776         result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1777                                                    tagtype);
1778
1779         do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1780                "");
1781
1782         return result;
1783 }
1784
1785 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1786
1787                                        SMB_ACL_ENTRY_T entry,
1788                                        void *qual)
1789 {
1790         int result;
1791
1792         result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1793
1794         do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1795                "");
1796
1797         return result;
1798 }
1799
1800 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1801
1802                                      SMB_ACL_ENTRY_T entry,
1803                                      SMB_ACL_PERMSET_T permset)
1804 {
1805         int result;
1806
1807         result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1808
1809         do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1810                "");
1811
1812         return result;
1813 }
1814
1815 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1816
1817                                SMB_ACL_T theacl )
1818 {
1819         int result;
1820
1821         result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1822
1823         do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1824                "");
1825
1826         return result;
1827 }
1828
1829 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1830
1831                                   const char *name, SMB_ACL_TYPE_T acltype,
1832                                   SMB_ACL_T theacl)
1833 {
1834         int result;
1835
1836         result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1837                                                theacl);
1838
1839         do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1840                "%s", name);
1841
1842         return result;
1843 }
1844
1845 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1846                                 SMB_ACL_T theacl)
1847 {
1848         int result;
1849
1850         result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1851
1852         do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1853                "%s", fsp->fsp_name);
1854
1855         return result;
1856 }
1857
1858 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1859
1860                                          const char *path)
1861 {
1862         int result;
1863
1864         result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1865
1866         do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1867                "%s", path);
1868
1869         return result;
1870 }
1871
1872 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1873
1874                                   SMB_ACL_PERMSET_T permset,
1875                                   SMB_ACL_PERM_T perm)
1876 {
1877         int result;
1878
1879         result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
1880
1881         do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1882                "");
1883
1884         return result;
1885 }
1886
1887 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1888
1889                                    char *text)
1890 {
1891         int result;
1892
1893         result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
1894
1895         do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1896                "");
1897
1898         return result;
1899 }
1900
1901 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1902
1903                                   SMB_ACL_T posix_acl)
1904 {
1905         int result;
1906
1907         result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
1908
1909         do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1910                "");
1911
1912         return result;
1913 }
1914
1915 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1916                                         void *qualifier,
1917                                         SMB_ACL_TAG_T tagtype)
1918 {
1919         int result;
1920
1921         result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
1922                                                      tagtype);
1923
1924         do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1925                "");
1926
1927         return result;
1928 }
1929
1930 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1931                               const char *path,
1932                               const char *name, void *value, size_t size)
1933 {
1934         ssize_t result;
1935
1936         result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1937
1938         do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1939                "%s|%s", path, name);
1940
1941         return result;
1942 }
1943
1944 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1945                                const char *path, const char *name,
1946                                void *value, size_t size)
1947 {
1948         ssize_t result;
1949
1950         result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
1951
1952         do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1953                "%s|%s", path, name);
1954
1955         return result;
1956 }
1957
1958 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1959                                struct files_struct *fsp,
1960                                const char *name, void *value, size_t size)
1961 {
1962         ssize_t result;
1963
1964         result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
1965
1966         do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1967                "%s|%s", fsp->fsp_name, name);
1968
1969         return result;
1970 }
1971
1972 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1973                                const char *path, char *list, size_t size)
1974 {
1975         ssize_t result;
1976
1977         result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1978
1979         do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1980
1981         return result;
1982 }
1983
1984 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1985                                 const char *path, char *list, size_t size)
1986 {
1987         ssize_t result;
1988
1989         result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
1990
1991         do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1992
1993         return result;
1994 }
1995
1996 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1997                                 struct files_struct *fsp, char *list,
1998                                 size_t size)
1999 {
2000         ssize_t result;
2001
2002         result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2003
2004         do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2005                "%s", fsp->fsp_name);
2006
2007         return result;
2008 }
2009
2010 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2011                              const char *path,
2012                              const char *name)
2013 {
2014         int result;
2015
2016         result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2017
2018         do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2019                "%s|%s", path, name);
2020
2021         return result;
2022 }
2023
2024 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
2025                               const char *path,
2026                               const char *name)
2027 {
2028         int result;
2029
2030         result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
2031
2032         do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
2033                "%s|%s", path, name);
2034
2035         return result;
2036 }
2037
2038 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2039                               struct files_struct *fsp,
2040                               const char *name)
2041 {
2042         int result;
2043
2044         result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2045
2046         do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2047                "%s|%s", fsp->fsp_name, name);
2048
2049         return result;
2050 }
2051
2052 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2053                           const char *path,
2054                           const char *name, const void *value, size_t size,
2055                           int flags)
2056 {
2057         int result;
2058
2059         result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2060                                        flags);
2061
2062         do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2063                "%s|%s", path, name);
2064
2065         return result;
2066 }
2067
2068 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2069                            const char *path,
2070                            const char *name, const void *value, size_t size,
2071                            int flags)
2072 {
2073         int result;
2074
2075         result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2076                                         flags);
2077
2078         do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2079                "%s|%s", path, name);
2080
2081         return result;
2082 }
2083
2084 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2085                            struct files_struct *fsp, const char *name,
2086                            const void *value, size_t size, int flags)
2087 {
2088         int result;
2089
2090         result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2091
2092         do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2093                "%s|%s", fsp->fsp_name, name);
2094
2095         return result;
2096 }
2097
2098 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2099 {
2100         int result;
2101
2102         result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2103         do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2104                 "%s", fsp->fsp_name);
2105
2106         return result;
2107 }
2108
2109 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2110 {
2111         int result;
2112
2113         result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2114         do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2115                 "%s", fsp->fsp_name);
2116
2117         return result;
2118 }
2119
2120 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2121 {
2122         int result;
2123
2124         result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2125         do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2126                 "%s", fsp->fsp_name);
2127
2128         return result;
2129 }
2130
2131 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2132 {
2133         int result;
2134
2135         result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, aiocb);
2136         do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2137                 "%s", fsp->fsp_name);
2138
2139         return result;
2140 }
2141
2142 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2143 {
2144         int result;
2145
2146         result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2147         do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2148                 "%s", fsp->fsp_name);
2149
2150         return result;
2151 }
2152
2153 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2154 {
2155         int result;
2156
2157         result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2158         do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2159                 "%s", fsp->fsp_name);
2160
2161         return result;
2162 }
2163
2164 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2165 {
2166         int result;
2167
2168         result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2169         do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2170                 "%s", fsp->fsp_name);
2171
2172         return result;
2173 }
2174
2175
2176 NTSTATUS vfs_full_audit_init(void);
2177 NTSTATUS vfs_full_audit_init(void)
2178 {
2179         NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2180                                         "full_audit", audit_op_tuples);
2181         
2182         if (!NT_STATUS_IS_OK(ret))
2183                 return ret;
2184
2185         vfs_full_audit_debug_level = debug_add_class("full_audit");
2186         if (vfs_full_audit_debug_level == -1) {
2187                 vfs_full_audit_debug_level = DBGC_VFS;
2188                 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2189                           "class!\n"));
2190         } else {
2191                 DEBUG(10, ("vfs_full_audit: Debug class number of "
2192                            "'full_audit': %d\n", vfs_full_audit_debug_level));
2193         }
2194         
2195         return ret;
2196 }