2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
61 #include "system/filesys.h"
62 #include "system/syslog.h"
63 #include "smbd/smbd.h"
64 #include "../librpc/gen_ndr/ndr_netlogon.h"
67 #include "lib/param/loadparm.h"
68 #include "lib/util/bitmap.h"
69 #include "lib/util/tevent_unix.h"
71 static int vfs_full_audit_debug_level = DBGC_VFS;
73 struct vfs_full_audit_private_data {
74 struct bitmap *success_ops;
75 struct bitmap *failure_ops;
79 #define DBGC_CLASS vfs_full_audit_debug_level
81 typedef enum _vfs_op_type {
86 SMB_VFS_OP_CONNECT = 0,
87 SMB_VFS_OP_DISCONNECT,
91 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
93 SMB_VFS_OP_FS_CAPABILITIES,
95 /* Directory operations */
102 SMB_VFS_OP_REWINDDIR,
106 SMB_VFS_OP_INIT_SEARCH_OP,
108 /* File operations */
111 SMB_VFS_OP_CREATE_FILE,
115 SMB_VFS_OP_PREAD_SEND,
116 SMB_VFS_OP_PREAD_RECV,
119 SMB_VFS_OP_PWRITE_SEND,
120 SMB_VFS_OP_PWRITE_RECV,
126 SMB_VFS_OP_FSYNC_SEND,
127 SMB_VFS_OP_FSYNC_RECV,
131 SMB_VFS_OP_GET_ALLOC_SIZE,
141 SMB_VFS_OP_FTRUNCATE,
142 SMB_VFS_OP_FALLOCATE,
144 SMB_VFS_OP_KERNEL_FLOCK,
145 SMB_VFS_OP_LINUX_SETLEASE,
152 SMB_VFS_OP_NOTIFY_WATCH,
154 SMB_VFS_OP_FILE_ID_CREATE,
155 SMB_VFS_OP_STREAMINFO,
156 SMB_VFS_OP_GET_REAL_FILENAME,
157 SMB_VFS_OP_CONNECTPATH,
158 SMB_VFS_OP_BRL_LOCK_WINDOWS,
159 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
160 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
161 SMB_VFS_OP_STRICT_LOCK,
162 SMB_VFS_OP_STRICT_UNLOCK,
163 SMB_VFS_OP_TRANSLATE_NAME,
165 /* NT ACL operations. */
167 SMB_VFS_OP_FGET_NT_ACL,
168 SMB_VFS_OP_GET_NT_ACL,
169 SMB_VFS_OP_FSET_NT_ACL,
171 /* POSIX ACL operations. */
173 SMB_VFS_OP_CHMOD_ACL,
174 SMB_VFS_OP_FCHMOD_ACL,
176 SMB_VFS_OP_SYS_ACL_GET_FILE,
177 SMB_VFS_OP_SYS_ACL_GET_FD,
178 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
179 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
180 SMB_VFS_OP_SYS_ACL_SET_FILE,
181 SMB_VFS_OP_SYS_ACL_SET_FD,
182 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
186 SMB_VFS_OP_FGETXATTR,
187 SMB_VFS_OP_LISTXATTR,
188 SMB_VFS_OP_FLISTXATTR,
189 SMB_VFS_OP_REMOVEXATTR,
190 SMB_VFS_OP_FREMOVEXATTR,
192 SMB_VFS_OP_FSETXATTR,
195 SMB_VFS_OP_AIO_FORCE,
197 /* offline operations */
198 SMB_VFS_OP_IS_OFFLINE,
199 SMB_VFS_OP_SET_OFFLINE,
201 /* This should always be last enum value */
206 /* The following array *must* be in the same order as defined in vfs.h */
212 { SMB_VFS_OP_CONNECT, "connect" },
213 { SMB_VFS_OP_DISCONNECT, "disconnect" },
214 { SMB_VFS_OP_DISK_FREE, "disk_free" },
215 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
216 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
217 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
218 { SMB_VFS_OP_STATVFS, "statvfs" },
219 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
220 { SMB_VFS_OP_OPENDIR, "opendir" },
221 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
222 { SMB_VFS_OP_READDIR, "readdir" },
223 { SMB_VFS_OP_SEEKDIR, "seekdir" },
224 { SMB_VFS_OP_TELLDIR, "telldir" },
225 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
226 { SMB_VFS_OP_MKDIR, "mkdir" },
227 { SMB_VFS_OP_RMDIR, "rmdir" },
228 { SMB_VFS_OP_CLOSEDIR, "closedir" },
229 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
230 { SMB_VFS_OP_OPEN, "open" },
231 { SMB_VFS_OP_CREATE_FILE, "create_file" },
232 { SMB_VFS_OP_CLOSE, "close" },
233 { SMB_VFS_OP_READ, "read" },
234 { SMB_VFS_OP_PREAD, "pread" },
235 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
236 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
237 { SMB_VFS_OP_WRITE, "write" },
238 { SMB_VFS_OP_PWRITE, "pwrite" },
239 { SMB_VFS_OP_LSEEK, "lseek" },
240 { SMB_VFS_OP_SENDFILE, "sendfile" },
241 { SMB_VFS_OP_RECVFILE, "recvfile" },
242 { SMB_VFS_OP_RENAME, "rename" },
243 { SMB_VFS_OP_FSYNC, "fsync" },
244 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
245 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
246 { SMB_VFS_OP_STAT, "stat" },
247 { SMB_VFS_OP_FSTAT, "fstat" },
248 { SMB_VFS_OP_LSTAT, "lstat" },
249 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
250 { SMB_VFS_OP_UNLINK, "unlink" },
251 { SMB_VFS_OP_CHMOD, "chmod" },
252 { SMB_VFS_OP_FCHMOD, "fchmod" },
253 { SMB_VFS_OP_CHOWN, "chown" },
254 { SMB_VFS_OP_FCHOWN, "fchown" },
255 { SMB_VFS_OP_LCHOWN, "lchown" },
256 { SMB_VFS_OP_CHDIR, "chdir" },
257 { SMB_VFS_OP_GETWD, "getwd" },
258 { SMB_VFS_OP_NTIMES, "ntimes" },
259 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
260 { SMB_VFS_OP_FALLOCATE,"fallocate" },
261 { SMB_VFS_OP_LOCK, "lock" },
262 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
263 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
264 { SMB_VFS_OP_GETLOCK, "getlock" },
265 { SMB_VFS_OP_SYMLINK, "symlink" },
266 { SMB_VFS_OP_READLINK, "readlink" },
267 { SMB_VFS_OP_LINK, "link" },
268 { SMB_VFS_OP_MKNOD, "mknod" },
269 { SMB_VFS_OP_REALPATH, "realpath" },
270 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
271 { SMB_VFS_OP_CHFLAGS, "chflags" },
272 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
273 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
274 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
275 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
276 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
277 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
278 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
279 { SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
280 { SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
281 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
282 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
283 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
284 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
285 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
286 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
287 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
288 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
289 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
290 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
291 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
292 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
293 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
294 { SMB_VFS_OP_GETXATTR, "getxattr" },
295 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
296 { SMB_VFS_OP_LISTXATTR, "listxattr" },
297 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
298 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
299 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
300 { SMB_VFS_OP_SETXATTR, "setxattr" },
301 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
302 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
303 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
304 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
305 { SMB_VFS_OP_LAST, NULL }
308 static int audit_syslog_facility(vfs_handle_struct *handle)
310 static const struct enum_list enum_log_facilities[] = {
311 { LOG_USER, "USER" },
312 { LOG_LOCAL0, "LOCAL0" },
313 { LOG_LOCAL1, "LOCAL1" },
314 { LOG_LOCAL2, "LOCAL2" },
315 { LOG_LOCAL3, "LOCAL3" },
316 { LOG_LOCAL4, "LOCAL4" },
317 { LOG_LOCAL5, "LOCAL5" },
318 { LOG_LOCAL6, "LOCAL6" },
319 { LOG_LOCAL7, "LOCAL7" },
325 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
330 static int audit_syslog_priority(vfs_handle_struct *handle)
332 static const struct enum_list enum_log_priorities[] = {
333 { LOG_EMERG, "EMERG" },
334 { LOG_ALERT, "ALERT" },
335 { LOG_CRIT, "CRIT" },
337 { LOG_WARNING, "WARNING" },
338 { LOG_NOTICE, "NOTICE" },
339 { LOG_INFO, "INFO" },
340 { LOG_DEBUG, "DEBUG" },
346 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
347 enum_log_priorities, LOG_NOTICE);
348 if (priority == -1) {
349 priority = LOG_WARNING;
355 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
360 prefix = talloc_strdup(ctx,
361 lp_parm_const_string(SNUM(conn), "full_audit",
366 result = talloc_sub_advanced(ctx,
367 lp_servicename(talloc_tos(), SNUM(conn)),
368 conn->session_info->unix_info->unix_name,
370 conn->session_info->unix_token->gid,
371 conn->session_info->unix_info->sanitized_username,
372 conn->session_info->info->domain_name,
378 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
380 struct vfs_full_audit_private_data *pd = NULL;
382 SMB_VFS_HANDLE_GET_DATA(handle, pd,
383 struct vfs_full_audit_private_data,
386 if (pd->success_ops == NULL) {
390 return bitmap_query(pd->success_ops, op);
393 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
395 struct vfs_full_audit_private_data *pd = NULL;
397 SMB_VFS_HANDLE_GET_DATA(handle, pd,
398 struct vfs_full_audit_private_data,
401 if (pd->failure_ops == NULL)
404 return bitmap_query(pd->failure_ops, op);
407 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
415 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
417 DEBUG(0, ("Could not alloc bitmap -- "
418 "defaulting to logging everything\n"));
422 for (; *ops != NULL; ops += 1) {
427 if (strequal(*ops, "all")) {
428 for (i=0; i<SMB_VFS_OP_LAST; i++) {
434 if (strequal(*ops, "none")) {
444 for (i=0; i<SMB_VFS_OP_LAST; i++) {
445 if (vfs_op_names[i].name == NULL) {
446 smb_panic("vfs_full_audit.c: name table not "
447 "in sync with vfs.h\n");
449 if (strequal(op, vfs_op_names[i].name)) {
458 if (i == SMB_VFS_OP_LAST) {
459 DEBUG(0, ("Could not find opname %s, logging all\n",
468 static const char *audit_opname(vfs_op_type op)
470 if (op >= SMB_VFS_OP_LAST)
471 return "INVALID VFS OP";
472 return vfs_op_names[op].name;
475 static TALLOC_CTX *tmp_do_log_ctx;
477 * Get us a temporary talloc context usable just for DEBUG arguments
479 static TALLOC_CTX *do_log_ctx(void)
481 if (tmp_do_log_ctx == NULL) {
482 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
484 return tmp_do_log_ctx;
487 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
488 const char *format, ...)
491 char *audit_pre = NULL;
496 if (success && (!log_success(handle, op)))
499 if (!success && (!log_failure(handle, op)))
503 fstrcpy(err_msg, "ok");
505 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
507 va_start(ap, format);
508 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
516 * Specify the facility to interoperate with other syslog callers
517 * (smbd for example).
519 priority = audit_syslog_priority(handle) |
520 audit_syslog_facility(handle);
522 audit_pre = audit_prefix(talloc_tos(), handle->conn);
523 syslog(priority, "%s|%s|%s|%s\n",
524 audit_pre ? audit_pre : "",
525 audit_opname(op), err_msg, op_msg);
528 TALLOC_FREE(audit_pre);
530 TALLOC_FREE(tmp_do_log_ctx);
534 * Return a string using the do_log_ctx()
536 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
541 if (smb_fname == NULL) {
544 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
545 if (!NT_STATUS_IS_OK(status)) {
552 * Return an fsp debug string using the do_log_ctx()
554 static const char *fsp_str_do_log(const struct files_struct *fsp)
556 return smb_fname_str_do_log(fsp->fsp_name);
559 /* Implementation of vfs_ops. Pass everything on to the default
560 operation but log event first. */
562 static int smb_full_audit_connect(vfs_handle_struct *handle,
563 const char *svc, const char *user)
566 struct vfs_full_audit_private_data *pd = NULL;
568 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
573 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
575 SMB_VFS_NEXT_DISCONNECT(handle);
580 openlog("smbd_audit", 0, audit_syslog_facility(handle));
583 pd->success_ops = init_bitmap(
584 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
586 pd->failure_ops = init_bitmap(
587 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
590 /* Store the private data. */
591 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
592 struct vfs_full_audit_private_data, return -1);
594 do_log(SMB_VFS_OP_CONNECT, True, handle,
600 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
602 SMB_VFS_NEXT_DISCONNECT(handle);
604 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
605 "%s", lp_servicename(talloc_tos(), SNUM(handle->conn)));
607 /* The bitmaps will be disconnected when the private
611 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
613 bool small_query, uint64_t *bsize,
614 uint64_t *dfree, uint64_t *dsize)
618 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
621 /* Don't have a reasonable notion of failure here */
623 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
628 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
629 enum SMB_QUOTA_TYPE qtype, unid_t id,
634 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
636 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
642 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
643 enum SMB_QUOTA_TYPE qtype, unid_t id,
648 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
650 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
655 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
656 struct files_struct *fsp,
657 struct shadow_copy_data *shadow_copy_data,
662 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
664 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
669 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
671 struct vfs_statvfs_struct *statbuf)
675 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
677 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
682 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
686 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
688 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
693 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
694 const char *fname, const char *mask, uint32 attr)
698 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
700 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
705 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
706 files_struct *fsp, const char *mask, uint32 attr)
710 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
712 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
713 fsp_str_do_log(fsp));
718 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
719 DIR *dirp, SMB_STRUCT_STAT *sbuf)
721 struct dirent *result;
723 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
725 /* This operation has no reasonable error condition
726 * (End of dir is also failure), so always succeed.
728 do_log(SMB_VFS_OP_READDIR, True, handle, "");
733 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
734 DIR *dirp, long offset)
736 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
738 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
741 static long smb_full_audit_telldir(vfs_handle_struct *handle,
746 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
748 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
753 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
756 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
758 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
761 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
762 const char *path, mode_t mode)
766 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
768 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
773 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
778 result = SMB_VFS_NEXT_RMDIR(handle, path);
780 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
785 static int smb_full_audit_closedir(vfs_handle_struct *handle,
790 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
792 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
797 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
800 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
802 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
805 static int smb_full_audit_open(vfs_handle_struct *handle,
806 struct smb_filename *smb_fname,
807 files_struct *fsp, int flags, mode_t mode)
811 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
813 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
814 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
815 smb_fname_str_do_log(smb_fname));
820 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
821 struct smb_request *req,
822 uint16_t root_dir_fid,
823 struct smb_filename *smb_fname,
824 uint32_t access_mask,
825 uint32_t share_access,
826 uint32_t create_disposition,
827 uint32_t create_options,
828 uint32_t file_attributes,
829 uint32_t oplock_request,
830 uint64_t allocation_size,
831 uint32_t private_flags,
832 struct security_descriptor *sd,
833 struct ea_list *ea_list,
834 files_struct **result_fsp,
838 const char* str_create_disposition;
840 switch (create_disposition) {
842 str_create_disposition = "supersede";
844 case FILE_OVERWRITE_IF:
845 str_create_disposition = "overwrite_if";
848 str_create_disposition = "open";
851 str_create_disposition = "overwrite";
854 str_create_disposition = "create";
857 str_create_disposition = "open_if";
860 str_create_disposition = "unknown";
863 result = SMB_VFS_NEXT_CREATE_FILE(
866 root_dir_fid, /* root_dir_fid */
867 smb_fname, /* fname */
868 access_mask, /* access_mask */
869 share_access, /* share_access */
870 create_disposition, /* create_disposition*/
871 create_options, /* create_options */
872 file_attributes, /* file_attributes */
873 oplock_request, /* oplock_request */
874 allocation_size, /* allocation_size */
877 ea_list, /* ea_list */
878 result_fsp, /* result */
881 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
882 "0x%x|%s|%s|%s", access_mask,
883 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
884 str_create_disposition, smb_fname_str_do_log(smb_fname));
889 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
893 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
895 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
896 fsp_str_do_log(fsp));
901 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
902 void *data, size_t n)
906 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
908 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
909 fsp_str_do_log(fsp));
914 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
915 void *data, size_t n, off_t offset)
919 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
921 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
922 fsp_str_do_log(fsp));
927 struct smb_full_audit_pread_state {
928 vfs_handle_struct *handle;
934 static void smb_full_audit_pread_done(struct tevent_req *subreq);
936 static struct tevent_req *smb_full_audit_pread_send(
937 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
938 struct tevent_context *ev, struct files_struct *fsp,
939 void *data, size_t n, off_t offset)
941 struct tevent_req *req, *subreq;
942 struct smb_full_audit_pread_state *state;
944 req = tevent_req_create(mem_ctx, &state,
945 struct smb_full_audit_pread_state);
947 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
948 fsp_str_do_log(fsp));
951 state->handle = handle;
954 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
956 if (tevent_req_nomem(subreq, req)) {
957 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
958 fsp_str_do_log(fsp));
959 return tevent_req_post(req, ev);
961 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
963 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
967 static void smb_full_audit_pread_done(struct tevent_req *subreq)
969 struct tevent_req *req = tevent_req_callback_data(
970 subreq, struct tevent_req);
971 struct smb_full_audit_pread_state *state = tevent_req_data(
972 req, struct smb_full_audit_pread_state);
974 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->err);
976 tevent_req_done(req);
979 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req, int *err)
981 struct smb_full_audit_pread_state *state = tevent_req_data(
982 req, struct smb_full_audit_pread_state);
984 if (tevent_req_is_unix_error(req, err)) {
985 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
986 fsp_str_do_log(state->fsp));
990 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
991 fsp_str_do_log(state->fsp));
997 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
998 const void *data, size_t n)
1002 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1004 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
1005 fsp_str_do_log(fsp));
1010 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1011 const void *data, size_t n,
1016 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1018 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1019 fsp_str_do_log(fsp));
1024 struct smb_full_audit_pwrite_state {
1025 vfs_handle_struct *handle;
1031 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1033 static struct tevent_req *smb_full_audit_pwrite_send(
1034 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1035 struct tevent_context *ev, struct files_struct *fsp,
1036 const void *data, size_t n, off_t offset)
1038 struct tevent_req *req, *subreq;
1039 struct smb_full_audit_pwrite_state *state;
1041 req = tevent_req_create(mem_ctx, &state,
1042 struct smb_full_audit_pwrite_state);
1044 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1045 fsp_str_do_log(fsp));
1048 state->handle = handle;
1051 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1053 if (tevent_req_nomem(subreq, req)) {
1054 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1055 fsp_str_do_log(fsp));
1056 return tevent_req_post(req, ev);
1058 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1060 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1061 fsp_str_do_log(fsp));
1065 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1067 struct tevent_req *req = tevent_req_callback_data(
1068 subreq, struct tevent_req);
1069 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1070 req, struct smb_full_audit_pwrite_state);
1072 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->err);
1073 TALLOC_FREE(subreq);
1074 tevent_req_done(req);
1077 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req, int *err)
1079 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1080 req, struct smb_full_audit_pwrite_state);
1082 if (tevent_req_is_unix_error(req, err)) {
1083 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1084 fsp_str_do_log(state->fsp));
1088 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1089 fsp_str_do_log(state->fsp));
1095 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1096 off_t offset, int whence)
1100 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1102 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1103 "%s", fsp_str_do_log(fsp));
1108 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1109 files_struct *fromfsp,
1110 const DATA_BLOB *hdr, off_t offset,
1115 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1117 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1118 "%s", fsp_str_do_log(fromfsp));
1123 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1124 files_struct *tofsp,
1130 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1132 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1133 "%s", fsp_str_do_log(tofsp));
1138 static int smb_full_audit_rename(vfs_handle_struct *handle,
1139 const struct smb_filename *smb_fname_src,
1140 const struct smb_filename *smb_fname_dst)
1144 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1146 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1147 smb_fname_str_do_log(smb_fname_src),
1148 smb_fname_str_do_log(smb_fname_dst));
1153 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1157 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1159 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1160 fsp_str_do_log(fsp));
1165 struct smb_full_audit_fsync_state {
1166 vfs_handle_struct *handle;
1172 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1174 static struct tevent_req *smb_full_audit_fsync_send(
1175 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1176 struct tevent_context *ev, struct files_struct *fsp)
1178 struct tevent_req *req, *subreq;
1179 struct smb_full_audit_fsync_state *state;
1181 req = tevent_req_create(mem_ctx, &state,
1182 struct smb_full_audit_fsync_state);
1184 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1185 fsp_str_do_log(fsp));
1188 state->handle = handle;
1191 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1192 if (tevent_req_nomem(subreq, req)) {
1193 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1194 fsp_str_do_log(fsp));
1195 return tevent_req_post(req, ev);
1197 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1199 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1203 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1205 struct tevent_req *req = tevent_req_callback_data(
1206 subreq, struct tevent_req);
1207 struct smb_full_audit_fsync_state *state = tevent_req_data(
1208 req, struct smb_full_audit_fsync_state);
1210 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->err);
1211 TALLOC_FREE(subreq);
1212 tevent_req_done(req);
1215 static int smb_full_audit_fsync_recv(struct tevent_req *req, int *err)
1217 struct smb_full_audit_fsync_state *state = tevent_req_data(
1218 req, struct smb_full_audit_fsync_state);
1220 if (tevent_req_is_unix_error(req, err)) {
1221 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1222 fsp_str_do_log(state->fsp));
1226 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1227 fsp_str_do_log(state->fsp));
1233 static int smb_full_audit_stat(vfs_handle_struct *handle,
1234 struct smb_filename *smb_fname)
1238 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1240 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1241 smb_fname_str_do_log(smb_fname));
1246 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1247 SMB_STRUCT_STAT *sbuf)
1251 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1253 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1254 fsp_str_do_log(fsp));
1259 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1260 struct smb_filename *smb_fname)
1264 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1266 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1267 smb_fname_str_do_log(smb_fname));
1272 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1273 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1277 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1279 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1285 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1286 const struct smb_filename *smb_fname)
1290 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1292 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1293 smb_fname_str_do_log(smb_fname));
1298 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1299 const char *path, mode_t mode)
1303 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1305 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1310 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1315 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1317 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1318 "%s|%o", fsp_str_do_log(fsp), mode);
1323 static int smb_full_audit_chown(vfs_handle_struct *handle,
1324 const char *path, uid_t uid, gid_t gid)
1328 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1330 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1331 path, (long int)uid, (long int)gid);
1336 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1337 uid_t uid, gid_t gid)
1341 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1343 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1344 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1349 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1350 const char *path, uid_t uid, gid_t gid)
1354 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1356 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1357 path, (long int)uid, (long int)gid);
1362 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1367 result = SMB_VFS_NEXT_CHDIR(handle, path);
1369 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1374 static char *smb_full_audit_getwd(vfs_handle_struct *handle)
1378 result = SMB_VFS_NEXT_GETWD(handle);
1380 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1381 result == NULL? "" : result);
1386 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1387 const struct smb_filename *smb_fname,
1388 struct smb_file_time *ft)
1392 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1394 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1395 smb_fname_str_do_log(smb_fname));
1400 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1405 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1407 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1408 "%s", fsp_str_do_log(fsp));
1413 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1414 enum vfs_fallocate_mode mode,
1420 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1422 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1423 "%s", fsp_str_do_log(fsp));
1428 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1429 int op, off_t offset, off_t count, int type)
1433 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1435 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1440 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1441 struct files_struct *fsp,
1442 uint32 share_mode, uint32 access_mask)
1446 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1448 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1449 fsp_str_do_log(fsp));
1454 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1459 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1461 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1462 fsp_str_do_log(fsp));
1467 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1468 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1472 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1474 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1479 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1480 const char *oldpath, const char *newpath)
1484 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1486 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1487 "%s|%s", oldpath, newpath);
1492 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1493 const char *path, char *buf, size_t bufsiz)
1497 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1499 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1504 static int smb_full_audit_link(vfs_handle_struct *handle,
1505 const char *oldpath, const char *newpath)
1509 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1511 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1512 "%s|%s", oldpath, newpath);
1517 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1518 const char *pathname, mode_t mode, SMB_DEV_T dev)
1522 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1524 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1529 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1534 result = SMB_VFS_NEXT_REALPATH(handle, path);
1536 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1541 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1542 struct sys_notify_context *ctx,
1545 uint32_t *subdir_filter,
1546 void (*callback)(struct sys_notify_context *ctx,
1548 struct notify_event *ev),
1549 void *private_data, void *handle_p)
1553 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, path,
1554 filter, subdir_filter, callback,
1555 private_data, handle_p);
1557 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1562 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1563 const char *path, unsigned int flags)
1567 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1569 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1574 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1575 const SMB_STRUCT_STAT *sbuf)
1577 struct file_id id_zero;
1578 struct file_id result;
1580 ZERO_STRUCT(id_zero);
1582 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1584 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1585 !file_id_equal(&id_zero, &result),
1586 handle, "%s", file_id_string_tos(&result));
1591 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1592 struct files_struct *fsp,
1594 TALLOC_CTX *mem_ctx,
1595 unsigned int *pnum_streams,
1596 struct stream_struct **pstreams)
1600 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1601 pnum_streams, pstreams);
1603 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1609 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1612 TALLOC_CTX *mem_ctx,
1617 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1620 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1621 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1626 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1631 result = SMB_VFS_NEXT_CONNECTPATH(handle, fname);
1633 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1639 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1640 struct byte_range_lock *br_lck,
1641 struct lock_struct *plock,
1643 struct blocking_lock_record *blr)
1647 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1648 blocking_lock, blr);
1650 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1651 "%s:%llu-%llu. type=%d. blocking=%d", fsp_str_do_log(br_lck->fsp),
1652 plock->start, plock->size, plock->lock_type, blocking_lock );
1657 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1658 struct messaging_context *msg_ctx,
1659 struct byte_range_lock *br_lck,
1660 const struct lock_struct *plock)
1664 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1667 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1668 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1669 plock->size, plock->lock_type);
1674 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1675 struct byte_range_lock *br_lck,
1676 struct lock_struct *plock,
1677 struct blocking_lock_record *blr)
1681 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock, blr);
1683 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1684 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1690 static bool smb_full_audit_strict_lock(struct vfs_handle_struct *handle,
1691 struct files_struct *fsp,
1692 struct lock_struct *plock)
1696 result = SMB_VFS_NEXT_STRICT_LOCK(handle, fsp, plock);
1698 do_log(SMB_VFS_OP_STRICT_LOCK, result, handle,
1699 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1705 static void smb_full_audit_strict_unlock(struct vfs_handle_struct *handle,
1706 struct files_struct *fsp,
1707 struct lock_struct *plock)
1709 SMB_VFS_NEXT_STRICT_UNLOCK(handle, fsp, plock);
1711 do_log(SMB_VFS_OP_STRICT_UNLOCK, true, handle,
1712 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1716 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
1718 enum vfs_translate_direction direction,
1719 TALLOC_CTX *mem_ctx,
1724 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
1727 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
1732 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1733 uint32 security_info,
1734 struct security_descriptor **ppdesc)
1738 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1740 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1741 "%s", fsp_str_do_log(fsp));
1746 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1748 uint32 security_info,
1749 struct security_descriptor **ppdesc)
1753 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1755 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1761 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1762 uint32 security_info_sent,
1763 const struct security_descriptor *psd)
1767 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1769 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s",
1770 fsp_str_do_log(fsp));
1775 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1776 const char *path, mode_t mode)
1780 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1782 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1783 "%s|%o", path, mode);
1788 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1793 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1795 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1796 "%s|%o", fsp_str_do_log(fsp), mode);
1801 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1803 SMB_ACL_TYPE_T type)
1807 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1809 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1815 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1820 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1822 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1823 "%s", fsp_str_do_log(fsp));
1828 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
1830 SMB_ACL_TYPE_T type,
1831 TALLOC_CTX *mem_ctx,
1832 char **blob_description,
1837 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
1839 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
1845 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1847 TALLOC_CTX *mem_ctx,
1848 char **blob_description,
1853 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description,blob);
1855 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
1856 "%s", fsp_str_do_log(fsp));
1861 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1863 const char *name, SMB_ACL_TYPE_T acltype,
1868 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1871 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1877 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1882 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1884 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1885 "%s", fsp_str_do_log(fsp));
1890 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1896 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1898 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1904 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1906 const char *name, void *value, size_t size)
1910 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1912 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1913 "%s|%s", path, name);
1918 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1919 struct files_struct *fsp,
1920 const char *name, void *value, size_t size)
1924 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
1926 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1927 "%s|%s", fsp_str_do_log(fsp), name);
1932 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1933 const char *path, char *list, size_t size)
1937 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1939 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1944 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1945 struct files_struct *fsp, char *list,
1950 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
1952 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1953 "%s", fsp_str_do_log(fsp));
1958 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1964 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
1966 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1967 "%s|%s", path, name);
1972 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
1973 struct files_struct *fsp,
1978 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
1980 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1981 "%s|%s", fsp_str_do_log(fsp), name);
1986 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
1988 const char *name, const void *value, size_t size,
1993 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
1996 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
1997 "%s|%s", path, name);
2002 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2003 struct files_struct *fsp, const char *name,
2004 const void *value, size_t size, int flags)
2008 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2010 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2011 "%s|%s", fsp_str_do_log(fsp), name);
2016 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2017 struct files_struct *fsp)
2021 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2022 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2023 "%s", fsp_str_do_log(fsp));
2028 static bool smb_full_audit_is_offline(struct vfs_handle_struct *handle,
2029 const struct smb_filename *fname,
2030 SMB_STRUCT_STAT *sbuf)
2034 result = SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
2035 do_log(SMB_VFS_OP_IS_OFFLINE, result, handle, "%s",
2036 smb_fname_str_do_log(fname));
2040 static int smb_full_audit_set_offline(struct vfs_handle_struct *handle,
2041 const struct smb_filename *fname)
2045 result = SMB_VFS_NEXT_SET_OFFLINE(handle, fname);
2046 do_log(SMB_VFS_OP_SET_OFFLINE, result >= 0, handle, "%s",
2047 smb_fname_str_do_log(fname));
2051 static struct vfs_fn_pointers vfs_full_audit_fns = {
2053 /* Disk operations */
2055 .connect_fn = smb_full_audit_connect,
2056 .disconnect_fn = smb_full_audit_disconnect,
2057 .disk_free_fn = smb_full_audit_disk_free,
2058 .get_quota_fn = smb_full_audit_get_quota,
2059 .set_quota_fn = smb_full_audit_set_quota,
2060 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2061 .statvfs_fn = smb_full_audit_statvfs,
2062 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2063 .opendir_fn = smb_full_audit_opendir,
2064 .fdopendir_fn = smb_full_audit_fdopendir,
2065 .readdir_fn = smb_full_audit_readdir,
2066 .seekdir_fn = smb_full_audit_seekdir,
2067 .telldir_fn = smb_full_audit_telldir,
2068 .rewind_dir_fn = smb_full_audit_rewinddir,
2069 .mkdir_fn = smb_full_audit_mkdir,
2070 .rmdir_fn = smb_full_audit_rmdir,
2071 .closedir_fn = smb_full_audit_closedir,
2072 .init_search_op_fn = smb_full_audit_init_search_op,
2073 .open_fn = smb_full_audit_open,
2074 .create_file_fn = smb_full_audit_create_file,
2075 .close_fn = smb_full_audit_close,
2076 .read_fn = smb_full_audit_read,
2077 .pread_fn = smb_full_audit_pread,
2078 .pread_send_fn = smb_full_audit_pread_send,
2079 .pread_recv_fn = smb_full_audit_pread_recv,
2080 .write_fn = smb_full_audit_write,
2081 .pwrite_fn = smb_full_audit_pwrite,
2082 .pwrite_send_fn = smb_full_audit_pwrite_send,
2083 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2084 .lseek_fn = smb_full_audit_lseek,
2085 .sendfile_fn = smb_full_audit_sendfile,
2086 .recvfile_fn = smb_full_audit_recvfile,
2087 .rename_fn = smb_full_audit_rename,
2088 .fsync_fn = smb_full_audit_fsync,
2089 .fsync_send_fn = smb_full_audit_fsync_send,
2090 .fsync_recv_fn = smb_full_audit_fsync_recv,
2091 .stat_fn = smb_full_audit_stat,
2092 .fstat_fn = smb_full_audit_fstat,
2093 .lstat_fn = smb_full_audit_lstat,
2094 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2095 .unlink_fn = smb_full_audit_unlink,
2096 .chmod_fn = smb_full_audit_chmod,
2097 .fchmod_fn = smb_full_audit_fchmod,
2098 .chown_fn = smb_full_audit_chown,
2099 .fchown_fn = smb_full_audit_fchown,
2100 .lchown_fn = smb_full_audit_lchown,
2101 .chdir_fn = smb_full_audit_chdir,
2102 .getwd_fn = smb_full_audit_getwd,
2103 .ntimes_fn = smb_full_audit_ntimes,
2104 .ftruncate_fn = smb_full_audit_ftruncate,
2105 .fallocate_fn = smb_full_audit_fallocate,
2106 .lock_fn = smb_full_audit_lock,
2107 .kernel_flock_fn = smb_full_audit_kernel_flock,
2108 .linux_setlease_fn = smb_full_audit_linux_setlease,
2109 .getlock_fn = smb_full_audit_getlock,
2110 .symlink_fn = smb_full_audit_symlink,
2111 .readlink_fn = smb_full_audit_readlink,
2112 .link_fn = smb_full_audit_link,
2113 .mknod_fn = smb_full_audit_mknod,
2114 .realpath_fn = smb_full_audit_realpath,
2115 .notify_watch_fn = smb_full_audit_notify_watch,
2116 .chflags_fn = smb_full_audit_chflags,
2117 .file_id_create_fn = smb_full_audit_file_id_create,
2118 .streaminfo_fn = smb_full_audit_streaminfo,
2119 .get_real_filename_fn = smb_full_audit_get_real_filename,
2120 .connectpath_fn = smb_full_audit_connectpath,
2121 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2122 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2123 .brl_cancel_windows_fn = smb_full_audit_brl_cancel_windows,
2124 .strict_lock_fn = smb_full_audit_strict_lock,
2125 .strict_unlock_fn = smb_full_audit_strict_unlock,
2126 .translate_name_fn = smb_full_audit_translate_name,
2127 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2128 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
2129 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2130 .chmod_acl_fn = smb_full_audit_chmod_acl,
2131 .fchmod_acl_fn = smb_full_audit_fchmod_acl,
2132 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
2133 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2134 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
2135 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2136 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
2137 .getxattr_fn = smb_full_audit_getxattr,
2138 .fgetxattr_fn = smb_full_audit_fgetxattr,
2139 .listxattr_fn = smb_full_audit_listxattr,
2140 .flistxattr_fn = smb_full_audit_flistxattr,
2141 .removexattr_fn = smb_full_audit_removexattr,
2142 .fremovexattr_fn = smb_full_audit_fremovexattr,
2143 .setxattr_fn = smb_full_audit_setxattr,
2144 .fsetxattr_fn = smb_full_audit_fsetxattr,
2145 .aio_force_fn = smb_full_audit_aio_force,
2146 .is_offline_fn = smb_full_audit_is_offline,
2147 .set_offline_fn = smb_full_audit_set_offline,
2150 NTSTATUS vfs_full_audit_init(void)
2152 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2153 "full_audit", &vfs_full_audit_fns);
2155 if (!NT_STATUS_IS_OK(ret))
2158 vfs_full_audit_debug_level = debug_add_class("full_audit");
2159 if (vfs_full_audit_debug_level == -1) {
2160 vfs_full_audit_debug_level = DBGC_VFS;
2161 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2164 DEBUG(10, ("vfs_full_audit: Debug class number of "
2165 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / samba.git / blob