2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
62 static int vfs_full_audit_debug_level = DBGC_VFS;
64 struct vfs_full_audit_private_data {
65 struct bitmap *success_ops;
66 struct bitmap *failure_ops;
70 #define DBGC_CLASS vfs_full_audit_debug_level
72 typedef enum _vfs_op_type {
77 SMB_VFS_OP_CONNECT = 0,
78 SMB_VFS_OP_DISCONNECT,
82 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
84 SMB_VFS_OP_FS_CAPABILITIES,
86 /* Directory operations */
96 SMB_VFS_OP_INIT_SEARCH_OP,
101 SMB_VFS_OP_CREATE_FILE,
115 SMB_VFS_OP_GET_ALLOC_SIZE,
125 SMB_VFS_OP_FTRUNCATE,
127 SMB_VFS_OP_KERNEL_FLOCK,
128 SMB_VFS_OP_LINUX_SETLEASE,
135 SMB_VFS_OP_NOTIFY_WATCH,
137 SMB_VFS_OP_FILE_ID_CREATE,
138 SMB_VFS_OP_STREAMINFO,
139 SMB_VFS_OP_GET_REAL_FILENAME,
140 SMB_VFS_OP_CONNECTPATH,
141 SMB_VFS_OP_BRL_LOCK_WINDOWS,
142 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
143 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
144 SMB_VFS_OP_STRICT_LOCK,
145 SMB_VFS_OP_STRICT_UNLOCK,
146 SMB_VFS_OP_TRANSLATE_NAME,
148 /* NT ACL operations. */
150 SMB_VFS_OP_FGET_NT_ACL,
151 SMB_VFS_OP_GET_NT_ACL,
152 SMB_VFS_OP_FSET_NT_ACL,
154 /* POSIX ACL operations. */
156 SMB_VFS_OP_CHMOD_ACL,
157 SMB_VFS_OP_FCHMOD_ACL,
159 SMB_VFS_OP_SYS_ACL_GET_ENTRY,
160 SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
161 SMB_VFS_OP_SYS_ACL_GET_PERMSET,
162 SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
163 SMB_VFS_OP_SYS_ACL_GET_FILE,
164 SMB_VFS_OP_SYS_ACL_GET_FD,
165 SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
166 SMB_VFS_OP_SYS_ACL_ADD_PERM,
167 SMB_VFS_OP_SYS_ACL_TO_TEXT,
168 SMB_VFS_OP_SYS_ACL_INIT,
169 SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
170 SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
171 SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
172 SMB_VFS_OP_SYS_ACL_SET_PERMSET,
173 SMB_VFS_OP_SYS_ACL_VALID,
174 SMB_VFS_OP_SYS_ACL_SET_FILE,
175 SMB_VFS_OP_SYS_ACL_SET_FD,
176 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
177 SMB_VFS_OP_SYS_ACL_GET_PERM,
178 SMB_VFS_OP_SYS_ACL_FREE_TEXT,
179 SMB_VFS_OP_SYS_ACL_FREE_ACL,
180 SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
184 SMB_VFS_OP_LGETXATTR,
185 SMB_VFS_OP_FGETXATTR,
186 SMB_VFS_OP_LISTXATTR,
187 SMB_VFS_OP_LLISTXATTR,
188 SMB_VFS_OP_FLISTXATTR,
189 SMB_VFS_OP_REMOVEXATTR,
190 SMB_VFS_OP_LREMOVEXATTR,
191 SMB_VFS_OP_FREMOVEXATTR,
193 SMB_VFS_OP_LSETXATTR,
194 SMB_VFS_OP_FSETXATTR,
198 SMB_VFS_OP_AIO_WRITE,
199 SMB_VFS_OP_AIO_RETURN,
200 SMB_VFS_OP_AIO_CANCEL,
201 SMB_VFS_OP_AIO_ERROR,
202 SMB_VFS_OP_AIO_FSYNC,
203 SMB_VFS_OP_AIO_SUSPEND,
204 SMB_VFS_OP_AIO_FORCE,
206 /* offline operations */
207 SMB_VFS_OP_IS_OFFLINE,
208 SMB_VFS_OP_SET_OFFLINE,
210 /* This should always be last enum value */
215 /* The following array *must* be in the same order as defined in vfs.h */
221 { SMB_VFS_OP_CONNECT, "connect" },
222 { SMB_VFS_OP_DISCONNECT, "disconnect" },
223 { SMB_VFS_OP_DISK_FREE, "disk_free" },
224 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
225 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
226 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
227 { SMB_VFS_OP_STATVFS, "statvfs" },
228 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
229 { SMB_VFS_OP_OPENDIR, "opendir" },
230 { SMB_VFS_OP_READDIR, "readdir" },
231 { SMB_VFS_OP_SEEKDIR, "seekdir" },
232 { SMB_VFS_OP_TELLDIR, "telldir" },
233 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
234 { SMB_VFS_OP_MKDIR, "mkdir" },
235 { SMB_VFS_OP_RMDIR, "rmdir" },
236 { SMB_VFS_OP_CLOSEDIR, "closedir" },
237 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
238 { SMB_VFS_OP_OPEN, "open" },
239 { SMB_VFS_OP_CREATE_FILE, "create_file" },
240 { SMB_VFS_OP_CLOSE, "close" },
241 { SMB_VFS_OP_READ, "read" },
242 { SMB_VFS_OP_PREAD, "pread" },
243 { SMB_VFS_OP_WRITE, "write" },
244 { SMB_VFS_OP_PWRITE, "pwrite" },
245 { SMB_VFS_OP_LSEEK, "lseek" },
246 { SMB_VFS_OP_SENDFILE, "sendfile" },
247 { SMB_VFS_OP_RECVFILE, "recvfile" },
248 { SMB_VFS_OP_RENAME, "rename" },
249 { SMB_VFS_OP_FSYNC, "fsync" },
250 { SMB_VFS_OP_STAT, "stat" },
251 { SMB_VFS_OP_FSTAT, "fstat" },
252 { SMB_VFS_OP_LSTAT, "lstat" },
253 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
254 { SMB_VFS_OP_UNLINK, "unlink" },
255 { SMB_VFS_OP_CHMOD, "chmod" },
256 { SMB_VFS_OP_FCHMOD, "fchmod" },
257 { SMB_VFS_OP_CHOWN, "chown" },
258 { SMB_VFS_OP_FCHOWN, "fchown" },
259 { SMB_VFS_OP_LCHOWN, "lchown" },
260 { SMB_VFS_OP_CHDIR, "chdir" },
261 { SMB_VFS_OP_GETWD, "getwd" },
262 { SMB_VFS_OP_NTIMES, "ntimes" },
263 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
264 { SMB_VFS_OP_LOCK, "lock" },
265 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
266 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
267 { SMB_VFS_OP_GETLOCK, "getlock" },
268 { SMB_VFS_OP_SYMLINK, "symlink" },
269 { SMB_VFS_OP_READLINK, "readlink" },
270 { SMB_VFS_OP_LINK, "link" },
271 { SMB_VFS_OP_MKNOD, "mknod" },
272 { SMB_VFS_OP_REALPATH, "realpath" },
273 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
274 { SMB_VFS_OP_CHFLAGS, "chflags" },
275 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
276 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
277 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
278 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
279 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
280 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
281 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
282 { SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
283 { SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
284 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
285 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
286 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
287 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
288 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
289 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
290 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
291 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
292 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
293 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
294 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
295 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
296 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
297 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
298 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
299 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
300 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
301 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
302 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
303 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
304 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
305 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
306 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
307 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
308 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
309 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
310 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
311 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
312 { SMB_VFS_OP_GETXATTR, "getxattr" },
313 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
314 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
315 { SMB_VFS_OP_LISTXATTR, "listxattr" },
316 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
317 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
318 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
319 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
320 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
321 { SMB_VFS_OP_SETXATTR, "setxattr" },
322 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
323 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
324 { SMB_VFS_OP_AIO_READ, "aio_read" },
325 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
326 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
327 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
328 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
329 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
330 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
331 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
332 { SMB_VFS_OP_IS_OFFLINE, "aio_is_offline" },
333 { SMB_VFS_OP_SET_OFFLINE, "aio_set_offline" },
334 { SMB_VFS_OP_LAST, NULL }
337 static int audit_syslog_facility(vfs_handle_struct *handle)
339 static const struct enum_list enum_log_facilities[] = {
340 { LOG_USER, "USER" },
341 { LOG_LOCAL0, "LOCAL0" },
342 { LOG_LOCAL1, "LOCAL1" },
343 { LOG_LOCAL2, "LOCAL2" },
344 { LOG_LOCAL3, "LOCAL3" },
345 { LOG_LOCAL4, "LOCAL4" },
346 { LOG_LOCAL5, "LOCAL5" },
347 { LOG_LOCAL6, "LOCAL6" },
348 { LOG_LOCAL7, "LOCAL7" }
353 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
358 static int audit_syslog_priority(vfs_handle_struct *handle)
360 static const struct enum_list enum_log_priorities[] = {
361 { LOG_EMERG, "EMERG" },
362 { LOG_ALERT, "ALERT" },
363 { LOG_CRIT, "CRIT" },
365 { LOG_WARNING, "WARNING" },
366 { LOG_NOTICE, "NOTICE" },
367 { LOG_INFO, "INFO" },
368 { LOG_DEBUG, "DEBUG" }
373 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
374 enum_log_priorities, LOG_NOTICE);
375 if (priority == -1) {
376 priority = LOG_WARNING;
382 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
387 prefix = talloc_strdup(ctx,
388 lp_parm_const_string(SNUM(conn), "full_audit",
393 result = talloc_sub_advanced(ctx,
394 lp_servicename(SNUM(conn)),
395 conn->server_info->unix_name,
397 conn->server_info->utok.gid,
398 conn->server_info->sanitized_username,
399 pdb_get_domain(conn->server_info->sam_account),
405 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
407 struct vfs_full_audit_private_data *pd = NULL;
409 SMB_VFS_HANDLE_GET_DATA(handle, pd,
410 struct vfs_full_audit_private_data,
413 if (pd->success_ops == NULL) {
417 return bitmap_query(pd->success_ops, op);
420 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
422 struct vfs_full_audit_private_data *pd = NULL;
424 SMB_VFS_HANDLE_GET_DATA(handle, pd,
425 struct vfs_full_audit_private_data,
428 if (pd->failure_ops == NULL)
431 return bitmap_query(pd->failure_ops, op);
434 static void init_bitmap(struct bitmap **bm, const char **ops)
436 bool log_all = False;
441 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
444 DEBUG(0, ("Could not alloc bitmap -- "
445 "defaulting to logging everything\n"));
449 while (*ops != NULL) {
453 if (strequal(*ops, "all")) {
458 if (strequal(*ops, "none")) {
462 for (i=0; i<SMB_VFS_OP_LAST; i++) {
463 if (vfs_op_names[i].name == NULL) {
464 smb_panic("vfs_full_audit.c: name table not "
465 "in sync with vfs.h\n");
468 if (strequal(*ops, vfs_op_names[i].name)) {
474 DEBUG(0, ("Could not find opname %s, logging all\n",
483 /* The query functions default to True */
489 static const char *audit_opname(vfs_op_type op)
491 if (op >= SMB_VFS_OP_LAST)
492 return "INVALID VFS OP";
493 return vfs_op_names[op].name;
496 static TALLOC_CTX *tmp_do_log_ctx;
498 * Get us a temporary talloc context usable just for DEBUG arguments
500 static TALLOC_CTX *do_log_ctx(void)
502 if (tmp_do_log_ctx == NULL) {
503 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
505 return tmp_do_log_ctx;
508 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
509 const char *format, ...)
512 char *audit_pre = NULL;
517 if (success && (!log_success(handle, op)))
520 if (!success && (!log_failure(handle, op)))
524 fstrcpy(err_msg, "ok");
526 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
528 va_start(ap, format);
529 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
537 * Specify the facility to interoperate with other syslog callers
538 * (smbd for example).
540 priority = audit_syslog_priority(handle) |
541 audit_syslog_facility(handle);
543 audit_pre = audit_prefix(talloc_tos(), handle->conn);
544 syslog(priority, "%s|%s|%s|%s\n",
545 audit_pre ? audit_pre : "",
546 audit_opname(op), err_msg, op_msg);
549 TALLOC_FREE(audit_pre);
551 TALLOC_FREE(tmp_do_log_ctx);
557 * Return a string using the do_log_ctx()
559 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
564 if (smb_fname == NULL) {
567 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
568 if (!NT_STATUS_IS_OK(status)) {
575 * Return an fsp debug string using the do_log_ctx()
577 static const char *fsp_str_do_log(const struct files_struct *fsp)
579 return smb_fname_str_do_log(fsp->fsp_name);
582 /* Free function for the private data. */
584 static void free_private_data(void **p_data)
586 struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
588 if (pd->success_ops) {
589 bitmap_free(pd->success_ops);
591 if (pd->failure_ops) {
592 bitmap_free(pd->failure_ops);
598 /* Implementation of vfs_ops. Pass everything on to the default
599 operation but log event first. */
601 static int smb_full_audit_connect(vfs_handle_struct *handle,
602 const char *svc, const char *user)
605 struct vfs_full_audit_private_data *pd = NULL;
606 const char *none[] = { NULL };
607 const char *all [] = { "all" };
609 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
614 pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
616 SMB_VFS_NEXT_DISCONNECT(handle);
622 openlog("smbd_audit", 0, audit_syslog_facility(handle));
625 init_bitmap(&pd->success_ops,
626 lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
628 init_bitmap(&pd->failure_ops,
629 lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
632 /* Store the private data. */
633 SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
634 struct vfs_full_audit_private_data, return -1);
636 do_log(SMB_VFS_OP_CONNECT, True, handle,
642 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
644 SMB_VFS_NEXT_DISCONNECT(handle);
646 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
647 "%s", lp_servicename(SNUM(handle->conn)));
649 /* The bitmaps will be disconnected when the private
655 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
657 bool small_query, uint64_t *bsize,
658 uint64_t *dfree, uint64_t *dsize)
662 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
665 /* Don't have a reasonable notion of failure here */
667 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
672 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
673 enum SMB_QUOTA_TYPE qtype, unid_t id,
678 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
680 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
686 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
687 enum SMB_QUOTA_TYPE qtype, unid_t id,
692 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
694 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
699 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
700 struct files_struct *fsp,
701 SHADOW_COPY_DATA *shadow_copy_data, bool labels)
705 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
707 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
712 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
714 struct vfs_statvfs_struct *statbuf)
718 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
720 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
725 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
729 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
731 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
736 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
737 const char *fname, const char *mask, uint32 attr)
739 SMB_STRUCT_DIR *result;
741 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
743 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
748 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
749 SMB_STRUCT_DIR *dirp, SMB_STRUCT_STAT *sbuf)
751 SMB_STRUCT_DIRENT *result;
753 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
755 /* This operation has no reasonable error condition
756 * (End of dir is also failure), so always succeed.
758 do_log(SMB_VFS_OP_READDIR, True, handle, "");
763 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
764 SMB_STRUCT_DIR *dirp, long offset)
766 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
768 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
772 static long smb_full_audit_telldir(vfs_handle_struct *handle,
773 SMB_STRUCT_DIR *dirp)
777 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
779 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
784 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
785 SMB_STRUCT_DIR *dirp)
787 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
789 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
793 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
794 const char *path, mode_t mode)
798 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
800 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
805 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
810 result = SMB_VFS_NEXT_RMDIR(handle, path);
812 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
817 static int smb_full_audit_closedir(vfs_handle_struct *handle,
818 SMB_STRUCT_DIR *dirp)
822 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
824 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
829 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
830 SMB_STRUCT_DIR *dirp)
832 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
834 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
838 static int smb_full_audit_open(vfs_handle_struct *handle,
839 struct smb_filename *smb_fname,
840 files_struct *fsp, int flags, mode_t mode)
844 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
846 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
847 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
848 smb_fname_str_do_log(smb_fname));
853 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
854 struct smb_request *req,
855 uint16_t root_dir_fid,
856 struct smb_filename *smb_fname,
857 uint32_t access_mask,
858 uint32_t share_access,
859 uint32_t create_disposition,
860 uint32_t create_options,
861 uint32_t file_attributes,
862 uint32_t oplock_request,
863 uint64_t allocation_size,
864 struct security_descriptor *sd,
865 struct ea_list *ea_list,
866 files_struct **result_fsp,
870 const char* str_create_disposition;
872 switch (create_disposition) {
874 str_create_disposition = "supersede";
876 case FILE_OVERWRITE_IF:
877 str_create_disposition = "overwrite_if";
880 str_create_disposition = "open";
883 str_create_disposition = "overwrite";
886 str_create_disposition = "create";
889 str_create_disposition = "open_if";
892 str_create_disposition = "unknown";
895 result = SMB_VFS_NEXT_CREATE_FILE(
898 root_dir_fid, /* root_dir_fid */
899 smb_fname, /* fname */
900 access_mask, /* access_mask */
901 share_access, /* share_access */
902 create_disposition, /* create_disposition*/
903 create_options, /* create_options */
904 file_attributes, /* file_attributes */
905 oplock_request, /* oplock_request */
906 allocation_size, /* allocation_size */
908 ea_list, /* ea_list */
909 result_fsp, /* result */
912 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
913 "0x%x|%s|%s|%s", access_mask,
914 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
915 str_create_disposition, smb_fname_str_do_log(smb_fname));
920 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
924 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
926 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
927 fsp_str_do_log(fsp));
932 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
933 void *data, size_t n)
937 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
939 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
940 fsp_str_do_log(fsp));
945 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
946 void *data, size_t n, SMB_OFF_T offset)
950 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
952 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
953 fsp_str_do_log(fsp));
958 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
959 const void *data, size_t n)
963 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
965 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
966 fsp_str_do_log(fsp));
971 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
972 const void *data, size_t n,
977 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
979 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
980 fsp_str_do_log(fsp));
985 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
986 SMB_OFF_T offset, int whence)
990 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
992 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
993 "%s", fsp_str_do_log(fsp));
998 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
999 files_struct *fromfsp,
1000 const DATA_BLOB *hdr, SMB_OFF_T offset,
1005 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1007 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1008 "%s", fsp_str_do_log(fromfsp));
1013 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1014 files_struct *tofsp,
1020 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1022 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1023 "%s", fsp_str_do_log(tofsp));
1028 static int smb_full_audit_rename(vfs_handle_struct *handle,
1029 const struct smb_filename *smb_fname_src,
1030 const struct smb_filename *smb_fname_dst)
1034 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1036 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1037 smb_fname_str_do_log(smb_fname_src),
1038 smb_fname_str_do_log(smb_fname_dst));
1043 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1047 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1049 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1050 fsp_str_do_log(fsp));
1055 static int smb_full_audit_stat(vfs_handle_struct *handle,
1056 struct smb_filename *smb_fname)
1060 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1062 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1063 smb_fname_str_do_log(smb_fname));
1068 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1069 SMB_STRUCT_STAT *sbuf)
1073 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1075 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1076 fsp_str_do_log(fsp));
1081 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1082 struct smb_filename *smb_fname)
1086 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1088 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1089 smb_fname_str_do_log(smb_fname));
1094 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1095 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1099 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1101 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result >= 0), handle, "%d", result);
1106 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1107 const struct smb_filename *smb_fname)
1111 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1113 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1114 smb_fname_str_do_log(smb_fname));
1119 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1120 const char *path, mode_t mode)
1124 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1126 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1131 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1136 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1138 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1139 "%s|%o", fsp_str_do_log(fsp), mode);
1144 static int smb_full_audit_chown(vfs_handle_struct *handle,
1145 const char *path, uid_t uid, gid_t gid)
1149 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1151 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1152 path, (long int)uid, (long int)gid);
1157 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1158 uid_t uid, gid_t gid)
1162 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1164 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1165 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1170 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1171 const char *path, uid_t uid, gid_t gid)
1175 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1177 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1178 path, (long int)uid, (long int)gid);
1183 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1188 result = SMB_VFS_NEXT_CHDIR(handle, path);
1190 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1195 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1200 result = SMB_VFS_NEXT_GETWD(handle, path);
1202 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1207 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1208 const struct smb_filename *smb_fname,
1209 struct smb_file_time *ft)
1213 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1215 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1216 smb_fname_str_do_log(smb_fname));
1221 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1226 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1228 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1229 "%s", fsp_str_do_log(fsp));
1234 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1235 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1239 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1241 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1246 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1247 struct files_struct *fsp,
1248 uint32 share_mode, uint32 access_mask)
1252 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1254 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1255 fsp_str_do_log(fsp));
1260 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1265 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1267 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1268 fsp_str_do_log(fsp));
1273 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1274 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1278 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1280 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1285 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1286 const char *oldpath, const char *newpath)
1290 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1292 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1293 "%s|%s", oldpath, newpath);
1298 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1299 const char *path, char *buf, size_t bufsiz)
1303 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1305 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1310 static int smb_full_audit_link(vfs_handle_struct *handle,
1311 const char *oldpath, const char *newpath)
1315 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1317 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1318 "%s|%s", oldpath, newpath);
1323 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1324 const char *pathname, mode_t mode, SMB_DEV_T dev)
1328 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1330 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1335 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1336 const char *path, char *resolved_path)
1340 result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1342 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1347 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1348 struct sys_notify_context *ctx,
1349 struct notify_entry *e,
1350 void (*callback)(struct sys_notify_context *ctx,
1352 struct notify_event *ev),
1353 void *private_data, void *handle_p)
1357 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1359 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1364 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1365 const char *path, unsigned int flags)
1369 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1371 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1376 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1377 const SMB_STRUCT_STAT *sbuf)
1379 struct file_id id_zero;
1380 struct file_id result;
1382 ZERO_STRUCT(id_zero);
1384 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1386 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1387 !file_id_equal(&id_zero, &result),
1388 handle, "%s", file_id_string_tos(&result));
1393 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1394 struct files_struct *fsp,
1396 TALLOC_CTX *mem_ctx,
1397 unsigned int *pnum_streams,
1398 struct stream_struct **pstreams)
1402 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1403 pnum_streams, pstreams);
1405 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1411 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1414 TALLOC_CTX *mem_ctx,
1419 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1422 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1423 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1428 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1433 result = SMB_VFS_NEXT_CONNECTPATH(handle, fname);
1435 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1441 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1442 struct byte_range_lock *br_lck,
1443 struct lock_struct *plock,
1445 struct blocking_lock_record *blr)
1449 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1450 blocking_lock, blr);
1452 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1453 "%s:%llu-%llu. type=%d. blocking=%d", fsp_str_do_log(br_lck->fsp),
1454 plock->start, plock->size, plock->lock_type, blocking_lock );
1459 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1460 struct messaging_context *msg_ctx,
1461 struct byte_range_lock *br_lck,
1462 const struct lock_struct *plock)
1466 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1469 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1470 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1471 plock->size, plock->lock_type);
1476 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1477 struct byte_range_lock *br_lck,
1478 struct lock_struct *plock,
1479 struct blocking_lock_record *blr)
1483 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock, blr);
1485 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1486 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1492 static bool smb_full_audit_strict_lock(struct vfs_handle_struct *handle,
1493 struct files_struct *fsp,
1494 struct lock_struct *plock)
1498 result = SMB_VFS_NEXT_STRICT_LOCK(handle, fsp, plock);
1500 do_log(SMB_VFS_OP_STRICT_LOCK, result, handle,
1501 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1507 static void smb_full_audit_strict_unlock(struct vfs_handle_struct *handle,
1508 struct files_struct *fsp,
1509 struct lock_struct *plock)
1511 SMB_VFS_NEXT_STRICT_UNLOCK(handle, fsp, plock);
1513 do_log(SMB_VFS_OP_STRICT_UNLOCK, true, handle,
1514 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1520 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
1522 enum vfs_translate_direction direction,
1523 TALLOC_CTX *mem_ctx,
1528 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
1531 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
1536 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1537 uint32 security_info,
1542 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1544 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1545 "%s", fsp_str_do_log(fsp));
1550 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1552 uint32 security_info,
1557 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1559 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1565 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1566 uint32 security_info_sent,
1567 const SEC_DESC *psd)
1571 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1573 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s",
1574 fsp_str_do_log(fsp));
1579 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1580 const char *path, mode_t mode)
1584 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1586 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1587 "%s|%o", path, mode);
1592 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1597 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1599 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1600 "%s|%o", fsp_str_do_log(fsp), mode);
1605 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1607 SMB_ACL_T theacl, int entry_id,
1608 SMB_ACL_ENTRY_T *entry_p)
1612 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1615 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1621 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1623 SMB_ACL_ENTRY_T entry_d,
1624 SMB_ACL_TAG_T *tag_type_p)
1628 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1631 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1637 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1639 SMB_ACL_ENTRY_T entry_d,
1640 SMB_ACL_PERMSET_T *permset_p)
1644 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1647 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1653 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1655 SMB_ACL_ENTRY_T entry_d)
1659 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1661 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1667 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1669 SMB_ACL_TYPE_T type)
1673 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1675 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1681 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1686 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1688 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1689 "%s", fsp_str_do_log(fsp));
1694 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1696 SMB_ACL_PERMSET_T permset)
1700 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1702 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1708 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1710 SMB_ACL_PERMSET_T permset,
1711 SMB_ACL_PERM_T perm)
1715 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1717 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1723 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1729 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1731 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1737 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1743 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1745 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1751 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1753 SMB_ACL_ENTRY_T *pentry)
1757 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1759 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1765 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1767 SMB_ACL_ENTRY_T entry,
1768 SMB_ACL_TAG_T tagtype)
1772 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1775 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1781 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1783 SMB_ACL_ENTRY_T entry,
1788 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1790 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1796 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1798 SMB_ACL_ENTRY_T entry,
1799 SMB_ACL_PERMSET_T permset)
1803 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1805 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1811 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1817 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1819 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1825 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1827 const char *name, SMB_ACL_TYPE_T acltype,
1832 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1835 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1841 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1846 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1848 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1849 "%s", fsp_str_do_log(fsp));
1854 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1860 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1862 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1868 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1870 SMB_ACL_PERMSET_T permset,
1871 SMB_ACL_PERM_T perm)
1875 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
1877 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1883 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1889 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
1891 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1897 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1899 SMB_ACL_T posix_acl)
1903 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
1905 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1911 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1913 SMB_ACL_TAG_T tagtype)
1917 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
1920 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1926 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1928 const char *name, void *value, size_t size)
1932 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1934 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1935 "%s|%s", path, name);
1940 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1941 const char *path, const char *name,
1942 void *value, size_t size)
1946 result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
1948 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1949 "%s|%s", path, name);
1954 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1955 struct files_struct *fsp,
1956 const char *name, void *value, size_t size)
1960 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
1962 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1963 "%s|%s", fsp_str_do_log(fsp), name);
1968 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1969 const char *path, char *list, size_t size)
1973 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1975 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1980 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1981 const char *path, char *list, size_t size)
1985 result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
1987 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1992 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1993 struct files_struct *fsp, char *list,
1998 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2000 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2001 "%s", fsp_str_do_log(fsp));
2006 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2012 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2014 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2015 "%s|%s", path, name);
2020 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
2026 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
2028 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
2029 "%s|%s", path, name);
2034 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2035 struct files_struct *fsp,
2040 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2042 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2043 "%s|%s", fsp_str_do_log(fsp), name);
2048 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2050 const char *name, const void *value, size_t size,
2055 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2058 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2059 "%s|%s", path, name);
2064 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2066 const char *name, const void *value, size_t size,
2071 result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2074 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2075 "%s|%s", path, name);
2080 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2081 struct files_struct *fsp, const char *name,
2082 const void *value, size_t size, int flags)
2086 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2088 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2089 "%s|%s", fsp_str_do_log(fsp), name);
2094 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2098 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2099 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2100 "%s", fsp_str_do_log(fsp));
2105 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2109 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2110 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2111 "%s", fsp_str_do_log(fsp));
2116 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2120 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2121 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2122 "%s", fsp_str_do_log(fsp));
2127 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2131 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, aiocb);
2132 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2133 "%s", fsp_str_do_log(fsp));
2138 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2142 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2143 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2144 "%s", fsp_str_do_log(fsp));
2149 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2153 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2154 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2155 "%s", fsp_str_do_log(fsp));
2160 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2164 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2165 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2166 "%s", fsp_str_do_log(fsp));
2171 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2172 struct files_struct *fsp)
2176 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2177 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2178 "%s", fsp_str_do_log(fsp));
2183 static struct vfs_fn_pointers vfs_full_audit_fns = {
2185 /* Disk operations */
2187 .connect_fn = smb_full_audit_connect,
2188 .disconnect = smb_full_audit_disconnect,
2189 .disk_free = smb_full_audit_disk_free,
2190 .get_quota = smb_full_audit_get_quota,
2191 .set_quota = smb_full_audit_set_quota,
2192 .get_shadow_copy_data = smb_full_audit_get_shadow_copy_data,
2193 .statvfs = smb_full_audit_statvfs,
2194 .fs_capabilities = smb_full_audit_fs_capabilities,
2195 .opendir = smb_full_audit_opendir,
2196 .readdir = smb_full_audit_readdir,
2197 .seekdir = smb_full_audit_seekdir,
2198 .telldir = smb_full_audit_telldir,
2199 .rewind_dir = smb_full_audit_rewinddir,
2200 .mkdir = smb_full_audit_mkdir,
2201 .rmdir = smb_full_audit_rmdir,
2202 .closedir = smb_full_audit_closedir,
2203 .init_search_op = smb_full_audit_init_search_op,
2204 .open = smb_full_audit_open,
2205 .create_file = smb_full_audit_create_file,
2206 .close_fn = smb_full_audit_close,
2207 .vfs_read = smb_full_audit_read,
2208 .pread = smb_full_audit_pread,
2209 .write = smb_full_audit_write,
2210 .pwrite = smb_full_audit_pwrite,
2211 .lseek = smb_full_audit_lseek,
2212 .sendfile = smb_full_audit_sendfile,
2213 .recvfile = smb_full_audit_recvfile,
2214 .rename = smb_full_audit_rename,
2215 .fsync = smb_full_audit_fsync,
2216 .stat = smb_full_audit_stat,
2217 .fstat = smb_full_audit_fstat,
2218 .lstat = smb_full_audit_lstat,
2219 .get_alloc_size = smb_full_audit_get_alloc_size,
2220 .unlink = smb_full_audit_unlink,
2221 .chmod = smb_full_audit_chmod,
2222 .fchmod = smb_full_audit_fchmod,
2223 .chown = smb_full_audit_chown,
2224 .fchown = smb_full_audit_fchown,
2225 .lchown = smb_full_audit_lchown,
2226 .chdir = smb_full_audit_chdir,
2227 .getwd = smb_full_audit_getwd,
2228 .ntimes = smb_full_audit_ntimes,
2229 .ftruncate = smb_full_audit_ftruncate,
2230 .lock = smb_full_audit_lock,
2231 .kernel_flock = smb_full_audit_kernel_flock,
2232 .linux_setlease = smb_full_audit_linux_setlease,
2233 .getlock = smb_full_audit_getlock,
2234 .symlink = smb_full_audit_symlink,
2235 .vfs_readlink = smb_full_audit_readlink,
2236 .link = smb_full_audit_link,
2237 .mknod = smb_full_audit_mknod,
2238 .realpath = smb_full_audit_realpath,
2239 .notify_watch = smb_full_audit_notify_watch,
2240 .chflags = smb_full_audit_chflags,
2241 .file_id_create = smb_full_audit_file_id_create,
2242 .streaminfo = smb_full_audit_streaminfo,
2243 .get_real_filename = smb_full_audit_get_real_filename,
2244 .connectpath = smb_full_audit_connectpath,
2245 .brl_lock_windows = smb_full_audit_brl_lock_windows,
2246 .brl_unlock_windows = smb_full_audit_brl_unlock_windows,
2247 .brl_cancel_windows = smb_full_audit_brl_cancel_windows,
2248 .strict_lock = smb_full_audit_strict_lock,
2249 .strict_unlock = smb_full_audit_strict_unlock,
2250 .translate_name = smb_full_audit_translate_name,
2251 .fget_nt_acl = smb_full_audit_fget_nt_acl,
2252 .get_nt_acl = smb_full_audit_get_nt_acl,
2253 .fset_nt_acl = smb_full_audit_fset_nt_acl,
2254 .chmod_acl = smb_full_audit_chmod_acl,
2255 .fchmod_acl = smb_full_audit_fchmod_acl,
2256 .sys_acl_get_entry = smb_full_audit_sys_acl_get_entry,
2257 .sys_acl_get_tag_type = smb_full_audit_sys_acl_get_tag_type,
2258 .sys_acl_get_permset = smb_full_audit_sys_acl_get_permset,
2259 .sys_acl_get_qualifier = smb_full_audit_sys_acl_get_qualifier,
2260 .sys_acl_get_file = smb_full_audit_sys_acl_get_file,
2261 .sys_acl_get_fd = smb_full_audit_sys_acl_get_fd,
2262 .sys_acl_clear_perms = smb_full_audit_sys_acl_clear_perms,
2263 .sys_acl_add_perm = smb_full_audit_sys_acl_add_perm,
2264 .sys_acl_to_text = smb_full_audit_sys_acl_to_text,
2265 .sys_acl_init = smb_full_audit_sys_acl_init,
2266 .sys_acl_create_entry = smb_full_audit_sys_acl_create_entry,
2267 .sys_acl_set_tag_type = smb_full_audit_sys_acl_set_tag_type,
2268 .sys_acl_set_qualifier = smb_full_audit_sys_acl_set_qualifier,
2269 .sys_acl_set_permset = smb_full_audit_sys_acl_set_permset,
2270 .sys_acl_valid = smb_full_audit_sys_acl_valid,
2271 .sys_acl_set_file = smb_full_audit_sys_acl_set_file,
2272 .sys_acl_set_fd = smb_full_audit_sys_acl_set_fd,
2273 .sys_acl_delete_def_file = smb_full_audit_sys_acl_delete_def_file,
2274 .sys_acl_get_perm = smb_full_audit_sys_acl_get_perm,
2275 .sys_acl_free_text = smb_full_audit_sys_acl_free_text,
2276 .sys_acl_free_acl = smb_full_audit_sys_acl_free_acl,
2277 .sys_acl_free_qualifier = smb_full_audit_sys_acl_free_qualifier,
2278 .getxattr = smb_full_audit_getxattr,
2279 .lgetxattr = smb_full_audit_lgetxattr,
2280 .fgetxattr = smb_full_audit_fgetxattr,
2281 .listxattr = smb_full_audit_listxattr,
2282 .llistxattr = smb_full_audit_llistxattr,
2283 .flistxattr = smb_full_audit_flistxattr,
2284 .removexattr = smb_full_audit_removexattr,
2285 .lremovexattr = smb_full_audit_lremovexattr,
2286 .fremovexattr = smb_full_audit_fremovexattr,
2287 .setxattr = smb_full_audit_setxattr,
2288 .lsetxattr = smb_full_audit_lsetxattr,
2289 .fsetxattr = smb_full_audit_fsetxattr,
2290 .aio_read = smb_full_audit_aio_read,
2291 .aio_write = smb_full_audit_aio_write,
2292 .aio_return_fn = smb_full_audit_aio_return,
2293 .aio_cancel = smb_full_audit_aio_cancel,
2294 .aio_error_fn = smb_full_audit_aio_error,
2295 .aio_fsync = smb_full_audit_aio_fsync,
2296 .aio_suspend = smb_full_audit_aio_suspend,
2297 .aio_force = smb_full_audit_aio_force,
2300 NTSTATUS vfs_full_audit_init(void)
2302 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2303 "full_audit", &vfs_full_audit_fns);
2305 if (!NT_STATUS_IS_OK(ret))
2308 vfs_full_audit_debug_level = debug_add_class("full_audit");
2309 if (vfs_full_audit_debug_level == -1) {
2310 vfs_full_audit_debug_level = DBGC_VFS;
2311 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2314 DEBUG(10, ("vfs_full_audit: Debug class number of "
2315 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / ira / wip.git / blob