65748db36f1873016f9a143ae52b4e43b86a39d2
[ira/wip.git] / source3 / modules / vfs_full_audit.c
1 /* 
2  * Auditing VFS module for samba.  Log selected file operations to syslog
3  * facility.
4  *
5  * Copyright (C) Tim Potter, 1999-2000
6  * Copyright (C) Alexander Bokovoy, 2002
7  * Copyright (C) John H Terpstra, 2003
8  * Copyright (C) Stefan (metze) Metzmacher, 2003
9  * Copyright (C) Volker Lendecke, 2004
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 3 of the License, or
14  * (at your option) any later version.
15  *  
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  *  
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, see <http://www.gnu.org/licenses/>.
23  */
24
25 /*
26  * This module implements parseable logging for all Samba VFS operations.
27  *
28  * You use it as follows:
29  *
30  * [tmp]
31  * path = /tmp
32  * vfs objects = full_audit
33  * full_audit:prefix = %u|%I
34  * full_audit:success = open opendir
35  * full_audit:failure = all
36  *
37  * vfs op can be "all" which means log all operations.
38  * vfs op can be "none" which means no logging.
39  *
40  * This leads to syslog entries of the form:
41  * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42  * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
43  *
44  * where "nobody" is the connected username and "192.168.234.1" is the
45  * client's IP address. 
46  *
47  * Options:
48  *
49  * prefix: A macro expansion template prepended to the syslog entry.
50  *
51  * success: A list of VFS operations for which a successful completion should
52  * be logged. Defaults to no logging at all. The special operation "all" logs
53  * - you guessed it - everything.
54  *
55  * failure: A list of VFS operations for which failure to complete should be
56  * logged. Defaults to logging everything.
57  */
58
59
60 #include "includes.h"
61
62 extern userdom_struct current_user_info;
63
64 static int vfs_full_audit_debug_level = DBGC_VFS;
65
66 struct vfs_full_audit_private_data {
67         struct bitmap *success_ops;
68         struct bitmap *failure_ops;
69 };
70
71 #undef DBGC_CLASS
72 #define DBGC_CLASS vfs_full_audit_debug_level
73
74 /* Function prototypes */
75
76 static int smb_full_audit_connect(vfs_handle_struct *handle,
77                          const char *svc, const char *user);
78 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
79 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
80                                     const char *path,
81                                     BOOL small_query, SMB_BIG_UINT *bsize, 
82                                     SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
83 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
84                            enum SMB_QUOTA_TYPE qtype, unid_t id,
85                            SMB_DISK_QUOTA *qt);
86 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
87                            enum SMB_QUOTA_TYPE qtype, unid_t id,
88                            SMB_DISK_QUOTA *qt);
89 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
90                                 struct files_struct *fsp,
91                                 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels);
92 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
93                                 const char *path,
94                                 struct vfs_statvfs_struct *statbuf);
95
96 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
97                           const char *fname, const char *mask, uint32 attr);
98 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
99                                     SMB_STRUCT_DIR *dirp);
100 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
101                         SMB_STRUCT_DIR *dirp, long offset);
102 static long smb_full_audit_telldir(vfs_handle_struct *handle,
103                         SMB_STRUCT_DIR *dirp);
104 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
105                         SMB_STRUCT_DIR *dirp);
106 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
107                        const char *path, mode_t mode);
108 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
109                        const char *path);
110 static int smb_full_audit_closedir(vfs_handle_struct *handle,
111                           SMB_STRUCT_DIR *dirp);
112 static int smb_full_audit_open(vfs_handle_struct *handle,
113                       const char *fname, files_struct *fsp, int flags, mode_t mode);
114 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
115 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
116                           int fd, void *data, size_t n);
117 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
118                            int fd, void *data, size_t n, SMB_OFF_T offset);
119 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
120                            int fd, const void *data, size_t n);
121 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
122                             int fd, const void *data, size_t n,
123                             SMB_OFF_T offset);
124 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
125                              int filedes, SMB_OFF_T offset, int whence);
126 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
127                               files_struct *fsp, int fromfd,
128                               const DATA_BLOB *hdr, SMB_OFF_T offset,
129                               size_t n);
130 static int smb_full_audit_rename(vfs_handle_struct *handle,
131                         const char *oldname, const char *newname);
132 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
133 static int smb_full_audit_stat(vfs_handle_struct *handle,
134                       const char *fname, SMB_STRUCT_STAT *sbuf);
135 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
136                        SMB_STRUCT_STAT *sbuf);
137 static int smb_full_audit_lstat(vfs_handle_struct *handle,
138                        const char *path, SMB_STRUCT_STAT *sbuf);
139 static int smb_full_audit_unlink(vfs_handle_struct *handle,
140                         const char *path);
141 static int smb_full_audit_chmod(vfs_handle_struct *handle,
142                        const char *path, mode_t mode);
143 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
144                         mode_t mode);
145 static int smb_full_audit_chown(vfs_handle_struct *handle,
146                        const char *path, uid_t uid, gid_t gid);
147 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
148                         uid_t uid, gid_t gid);
149 static int smb_full_audit_lchown(vfs_handle_struct *handle,
150                        const char *path, uid_t uid, gid_t gid);
151 static int smb_full_audit_chdir(vfs_handle_struct *handle,
152                        const char *path);
153 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
154                          char *path);
155 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
156                        const char *path, const struct timespec ts[2]);
157 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
158                            int fd, SMB_OFF_T len);
159 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
160                        int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
161 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
162                                        struct files_struct *fsp, int fd,
163                                        uint32 share_mode);
164 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
165                                         int fd, int leasetype);
166 static BOOL smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp, int fd,
167                        SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
168 static int smb_full_audit_symlink(vfs_handle_struct *handle,
169                          const char *oldpath, const char *newpath);
170 static int smb_full_audit_readlink(vfs_handle_struct *handle,
171                           const char *path, char *buf, size_t bufsiz);
172 static int smb_full_audit_link(vfs_handle_struct *handle,
173                       const char *oldpath, const char *newpath);
174 static int smb_full_audit_mknod(vfs_handle_struct *handle,
175                        const char *pathname, mode_t mode, SMB_DEV_T dev);
176 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
177                             const char *path, char *resolved_path);
178 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
179                         struct sys_notify_context *ctx,
180                         struct notify_entry *e,
181                         void (*callback)(struct sys_notify_context *ctx,
182                                         void *private_data,
183                                         struct notify_event *ev),
184                         void *private_data, void *handle_p);
185 static int smb_full_audit_chflags(vfs_handle_struct *handle,
186                             const char *path, uint flags);
187 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
188                                 int fd, uint32 security_info,
189                                 SEC_DESC **ppdesc);
190 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
191                                const char *name, uint32 security_info,
192                                SEC_DESC **ppdesc);
193 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
194                               int fd, uint32 security_info_sent,
195                               SEC_DESC *psd);
196 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
197                              const char *name, uint32 security_info_sent,
198                              SEC_DESC *psd);
199 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
200                            const char *path, mode_t mode);
201 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
202                             int fd, mode_t mode);
203 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
204                                    SMB_ACL_T theacl, int entry_id,
205                                    SMB_ACL_ENTRY_T *entry_p);
206 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
207                                       SMB_ACL_ENTRY_T entry_d,
208                                       SMB_ACL_TAG_T *tag_type_p);
209 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
210                                      SMB_ACL_ENTRY_T entry_d,
211                                      SMB_ACL_PERMSET_T *permset_p);
212 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
213                                           SMB_ACL_ENTRY_T entry_d);
214 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
215                                         const char *path_p,
216                                         SMB_ACL_TYPE_T type);
217 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
218                                       files_struct *fsp,
219                                       int fd);
220 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
221                                      SMB_ACL_PERMSET_T permset);
222 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
223                                   SMB_ACL_PERMSET_T permset,
224                                   SMB_ACL_PERM_T perm);
225 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
226                                     SMB_ACL_T theacl,
227                                     ssize_t *plen);
228 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
229                                     int count);
230 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
231                                       SMB_ACL_T *pacl,
232                                       SMB_ACL_ENTRY_T *pentry);
233 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
234                                       SMB_ACL_ENTRY_T entry,
235                                       SMB_ACL_TAG_T tagtype);
236 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
237                                        SMB_ACL_ENTRY_T entry,
238                                        void *qual);
239 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
240                                      SMB_ACL_ENTRY_T entry,
241                                      SMB_ACL_PERMSET_T permset);
242 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
243                                SMB_ACL_T theacl );
244 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
245                                   const char *name, SMB_ACL_TYPE_T acltype,
246                                   SMB_ACL_T theacl);
247 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
248                                 int fd, SMB_ACL_T theacl);
249 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
250                                          const char *path);
251 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
252                                   SMB_ACL_PERMSET_T permset,
253                                   SMB_ACL_PERM_T perm);
254 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
255                                    char *text);
256 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
257                                   SMB_ACL_T posix_acl);
258 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
259                                         void *qualifier,
260                                         SMB_ACL_TAG_T tagtype);
261 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
262                               const char *path,
263                               const char *name, void *value, size_t size);
264 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
265                                const char *path, const char *name,
266                                void *value, size_t size);
267 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
268                                struct files_struct *fsp, int fd,
269                                const char *name, void *value, size_t size);
270 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
271                                const char *path, char *list, size_t size);
272 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
273                                 const char *path, char *list, size_t size);
274 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
275                                 struct files_struct *fsp, int fd, char *list,
276                                 size_t size);
277 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
278                              const char *path,
279                              const char *name);
280 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
281                               const char *path,
282                               const char *name);
283 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
284                               struct files_struct *fsp, int fd,
285                               const char *name);
286 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
287                           const char *path,
288                           const char *name, const void *value, size_t size,
289                           int flags);
290 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
291                            const char *path,
292                            const char *name, const void *value, size_t size,
293                            int flags);
294 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
295                            struct files_struct *fsp, int fd, const char *name,
296                            const void *value, size_t size, int flags);
297
298 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
299 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
300 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
301 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb);
302 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
303 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
304 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
305
306 /* VFS operations */
307
308 static vfs_op_tuple audit_op_tuples[] = {
309     
310         /* Disk operations */
311
312         {SMB_VFS_OP(smb_full_audit_connect),    SMB_VFS_OP_CONNECT,
313          SMB_VFS_LAYER_LOGGER},
314         {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
315          SMB_VFS_LAYER_LOGGER},
316         {SMB_VFS_OP(smb_full_audit_disk_free),  SMB_VFS_OP_DISK_FREE,
317          SMB_VFS_LAYER_LOGGER},
318         {SMB_VFS_OP(smb_full_audit_get_quota),  SMB_VFS_OP_GET_QUOTA,
319          SMB_VFS_LAYER_LOGGER},
320         {SMB_VFS_OP(smb_full_audit_set_quota),  SMB_VFS_OP_SET_QUOTA,
321          SMB_VFS_LAYER_LOGGER},
322         {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
323          SMB_VFS_LAYER_LOGGER},
324         {SMB_VFS_OP(smb_full_audit_statvfs),    SMB_VFS_OP_STATVFS,
325          SMB_VFS_LAYER_LOGGER},
326
327         /* Directory operations */
328
329         {SMB_VFS_OP(smb_full_audit_opendir),    SMB_VFS_OP_OPENDIR,
330          SMB_VFS_LAYER_LOGGER},
331         {SMB_VFS_OP(smb_full_audit_readdir),    SMB_VFS_OP_READDIR,
332          SMB_VFS_LAYER_LOGGER},
333         {SMB_VFS_OP(smb_full_audit_seekdir),    SMB_VFS_OP_SEEKDIR,
334          SMB_VFS_LAYER_LOGGER},
335         {SMB_VFS_OP(smb_full_audit_telldir),    SMB_VFS_OP_TELLDIR,
336          SMB_VFS_LAYER_LOGGER},
337         {SMB_VFS_OP(smb_full_audit_rewinddir),  SMB_VFS_OP_REWINDDIR,
338          SMB_VFS_LAYER_LOGGER},
339         {SMB_VFS_OP(smb_full_audit_mkdir),      SMB_VFS_OP_MKDIR,
340          SMB_VFS_LAYER_LOGGER},
341         {SMB_VFS_OP(smb_full_audit_rmdir),      SMB_VFS_OP_RMDIR,
342          SMB_VFS_LAYER_LOGGER},
343         {SMB_VFS_OP(smb_full_audit_closedir),   SMB_VFS_OP_CLOSEDIR,
344          SMB_VFS_LAYER_LOGGER},
345
346         /* File operations */
347
348         {SMB_VFS_OP(smb_full_audit_open),       SMB_VFS_OP_OPEN,
349          SMB_VFS_LAYER_LOGGER},
350         {SMB_VFS_OP(smb_full_audit_close),      SMB_VFS_OP_CLOSE,
351          SMB_VFS_LAYER_LOGGER},
352         {SMB_VFS_OP(smb_full_audit_read),       SMB_VFS_OP_READ,
353          SMB_VFS_LAYER_LOGGER},
354         {SMB_VFS_OP(smb_full_audit_pread),      SMB_VFS_OP_PREAD,
355          SMB_VFS_LAYER_LOGGER},
356         {SMB_VFS_OP(smb_full_audit_write),      SMB_VFS_OP_WRITE,
357          SMB_VFS_LAYER_LOGGER},
358         {SMB_VFS_OP(smb_full_audit_pwrite),     SMB_VFS_OP_PWRITE,
359          SMB_VFS_LAYER_LOGGER},
360         {SMB_VFS_OP(smb_full_audit_lseek),      SMB_VFS_OP_LSEEK,
361          SMB_VFS_LAYER_LOGGER},
362         {SMB_VFS_OP(smb_full_audit_sendfile),   SMB_VFS_OP_SENDFILE,
363          SMB_VFS_LAYER_LOGGER},
364         {SMB_VFS_OP(smb_full_audit_rename),     SMB_VFS_OP_RENAME,
365          SMB_VFS_LAYER_LOGGER},
366         {SMB_VFS_OP(smb_full_audit_fsync),      SMB_VFS_OP_FSYNC,
367          SMB_VFS_LAYER_LOGGER},
368         {SMB_VFS_OP(smb_full_audit_stat),       SMB_VFS_OP_STAT,
369          SMB_VFS_LAYER_LOGGER},
370         {SMB_VFS_OP(smb_full_audit_fstat),      SMB_VFS_OP_FSTAT,
371          SMB_VFS_LAYER_LOGGER},
372         {SMB_VFS_OP(smb_full_audit_lstat),      SMB_VFS_OP_LSTAT,
373          SMB_VFS_LAYER_LOGGER},
374         {SMB_VFS_OP(smb_full_audit_unlink),     SMB_VFS_OP_UNLINK,
375          SMB_VFS_LAYER_LOGGER},
376         {SMB_VFS_OP(smb_full_audit_chmod),      SMB_VFS_OP_CHMOD,
377          SMB_VFS_LAYER_LOGGER},
378         {SMB_VFS_OP(smb_full_audit_fchmod),     SMB_VFS_OP_FCHMOD,
379          SMB_VFS_LAYER_LOGGER},
380         {SMB_VFS_OP(smb_full_audit_chown),      SMB_VFS_OP_CHOWN,
381          SMB_VFS_LAYER_LOGGER},
382         {SMB_VFS_OP(smb_full_audit_fchown),     SMB_VFS_OP_FCHOWN,
383          SMB_VFS_LAYER_LOGGER},
384         {SMB_VFS_OP(smb_full_audit_lchown),     SMB_VFS_OP_LCHOWN,
385          SMB_VFS_LAYER_LOGGER},
386         {SMB_VFS_OP(smb_full_audit_chdir),      SMB_VFS_OP_CHDIR,
387          SMB_VFS_LAYER_LOGGER},
388         {SMB_VFS_OP(smb_full_audit_getwd),      SMB_VFS_OP_GETWD,
389          SMB_VFS_LAYER_LOGGER},
390         {SMB_VFS_OP(smb_full_audit_ntimes),     SMB_VFS_OP_NTIMES,
391          SMB_VFS_LAYER_LOGGER},
392         {SMB_VFS_OP(smb_full_audit_ftruncate),  SMB_VFS_OP_FTRUNCATE,
393          SMB_VFS_LAYER_LOGGER},
394         {SMB_VFS_OP(smb_full_audit_lock),       SMB_VFS_OP_LOCK,
395          SMB_VFS_LAYER_LOGGER},
396         {SMB_VFS_OP(smb_full_audit_kernel_flock),       SMB_VFS_OP_KERNEL_FLOCK,
397          SMB_VFS_LAYER_LOGGER},
398         {SMB_VFS_OP(smb_full_audit_linux_setlease),       SMB_VFS_OP_LINUX_SETLEASE,
399          SMB_VFS_LAYER_LOGGER},
400         {SMB_VFS_OP(smb_full_audit_getlock),    SMB_VFS_OP_GETLOCK,
401          SMB_VFS_LAYER_LOGGER},
402         {SMB_VFS_OP(smb_full_audit_symlink),    SMB_VFS_OP_SYMLINK,
403          SMB_VFS_LAYER_LOGGER},
404         {SMB_VFS_OP(smb_full_audit_readlink),   SMB_VFS_OP_READLINK,
405          SMB_VFS_LAYER_LOGGER},
406         {SMB_VFS_OP(smb_full_audit_link),       SMB_VFS_OP_LINK,
407          SMB_VFS_LAYER_LOGGER},
408         {SMB_VFS_OP(smb_full_audit_mknod),      SMB_VFS_OP_MKNOD,
409          SMB_VFS_LAYER_LOGGER},
410         {SMB_VFS_OP(smb_full_audit_realpath),   SMB_VFS_OP_REALPATH,
411          SMB_VFS_LAYER_LOGGER},
412         {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
413          SMB_VFS_LAYER_LOGGER},
414         {SMB_VFS_OP(smb_full_audit_chflags),    SMB_VFS_OP_CHFLAGS,
415          SMB_VFS_LAYER_LOGGER},
416
417         /* NT ACL operations. */
418
419         {SMB_VFS_OP(smb_full_audit_fget_nt_acl),        SMB_VFS_OP_FGET_NT_ACL,
420          SMB_VFS_LAYER_LOGGER},
421         {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
422          SMB_VFS_LAYER_LOGGER},
423         {SMB_VFS_OP(smb_full_audit_fset_nt_acl),        SMB_VFS_OP_FSET_NT_ACL,
424          SMB_VFS_LAYER_LOGGER},
425         {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
426          SMB_VFS_LAYER_LOGGER},
427
428         /* POSIX ACL operations. */
429
430         {SMB_VFS_OP(smb_full_audit_chmod_acl),  SMB_VFS_OP_CHMOD_ACL,
431          SMB_VFS_LAYER_LOGGER},
432         {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
433          SMB_VFS_LAYER_LOGGER},
434         {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry),  SMB_VFS_OP_SYS_ACL_GET_ENTRY,
435          SMB_VFS_LAYER_LOGGER},
436         {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type),       SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
437          SMB_VFS_LAYER_LOGGER},
438         {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset),        SMB_VFS_OP_SYS_ACL_GET_PERMSET,
439          SMB_VFS_LAYER_LOGGER},
440         {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier),      SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
441          SMB_VFS_LAYER_LOGGER},
442         {SMB_VFS_OP(smb_full_audit_sys_acl_get_file),   SMB_VFS_OP_SYS_ACL_GET_FILE,
443          SMB_VFS_LAYER_LOGGER},
444         {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd),     SMB_VFS_OP_SYS_ACL_GET_FD,
445          SMB_VFS_LAYER_LOGGER},
446         {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms),        SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
447          SMB_VFS_LAYER_LOGGER},
448         {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm),   SMB_VFS_OP_SYS_ACL_ADD_PERM,
449          SMB_VFS_LAYER_LOGGER},
450         {SMB_VFS_OP(smb_full_audit_sys_acl_to_text),    SMB_VFS_OP_SYS_ACL_TO_TEXT,
451          SMB_VFS_LAYER_LOGGER},
452         {SMB_VFS_OP(smb_full_audit_sys_acl_init),       SMB_VFS_OP_SYS_ACL_INIT,
453          SMB_VFS_LAYER_LOGGER},
454         {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry),       SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
455          SMB_VFS_LAYER_LOGGER},
456         {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type),       SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
457          SMB_VFS_LAYER_LOGGER},
458         {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier),      SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
459          SMB_VFS_LAYER_LOGGER},
460         {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset),        SMB_VFS_OP_SYS_ACL_SET_PERMSET,
461          SMB_VFS_LAYER_LOGGER},
462         {SMB_VFS_OP(smb_full_audit_sys_acl_valid),      SMB_VFS_OP_SYS_ACL_VALID,
463          SMB_VFS_LAYER_LOGGER},
464         {SMB_VFS_OP(smb_full_audit_sys_acl_set_file),   SMB_VFS_OP_SYS_ACL_SET_FILE,
465          SMB_VFS_LAYER_LOGGER},
466         {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd),     SMB_VFS_OP_SYS_ACL_SET_FD,
467          SMB_VFS_LAYER_LOGGER},
468         {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file),    SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
469          SMB_VFS_LAYER_LOGGER},
470         {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm),   SMB_VFS_OP_SYS_ACL_GET_PERM,
471          SMB_VFS_LAYER_LOGGER},
472         {SMB_VFS_OP(smb_full_audit_sys_acl_free_text),  SMB_VFS_OP_SYS_ACL_FREE_TEXT,
473          SMB_VFS_LAYER_LOGGER},
474         {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl),   SMB_VFS_OP_SYS_ACL_FREE_ACL,
475          SMB_VFS_LAYER_LOGGER},
476         {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier),     SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
477          SMB_VFS_LAYER_LOGGER},
478         
479         /* EA operations. */
480
481         {SMB_VFS_OP(smb_full_audit_getxattr),   SMB_VFS_OP_GETXATTR,
482          SMB_VFS_LAYER_LOGGER},
483         {SMB_VFS_OP(smb_full_audit_lgetxattr),  SMB_VFS_OP_LGETXATTR,
484          SMB_VFS_LAYER_LOGGER},
485         {SMB_VFS_OP(smb_full_audit_fgetxattr),  SMB_VFS_OP_FGETXATTR,
486          SMB_VFS_LAYER_LOGGER},
487         {SMB_VFS_OP(smb_full_audit_listxattr),  SMB_VFS_OP_LISTXATTR,
488          SMB_VFS_LAYER_LOGGER},
489         {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
490          SMB_VFS_LAYER_LOGGER},
491         {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
492          SMB_VFS_LAYER_LOGGER},
493         {SMB_VFS_OP(smb_full_audit_removexattr),        SMB_VFS_OP_REMOVEXATTR,
494          SMB_VFS_LAYER_LOGGER},
495         {SMB_VFS_OP(smb_full_audit_lremovexattr),       SMB_VFS_OP_LREMOVEXATTR,
496          SMB_VFS_LAYER_LOGGER},
497         {SMB_VFS_OP(smb_full_audit_fremovexattr),       SMB_VFS_OP_FREMOVEXATTR,
498          SMB_VFS_LAYER_LOGGER},
499         {SMB_VFS_OP(smb_full_audit_setxattr),   SMB_VFS_OP_SETXATTR,
500          SMB_VFS_LAYER_LOGGER},
501         {SMB_VFS_OP(smb_full_audit_lsetxattr),  SMB_VFS_OP_LSETXATTR,
502          SMB_VFS_LAYER_LOGGER},
503         {SMB_VFS_OP(smb_full_audit_fsetxattr),  SMB_VFS_OP_FSETXATTR,
504          SMB_VFS_LAYER_LOGGER},
505         
506         {SMB_VFS_OP(smb_full_audit_aio_read),   SMB_VFS_OP_AIO_READ,
507          SMB_VFS_LAYER_LOGGER},
508         {SMB_VFS_OP(smb_full_audit_aio_write),  SMB_VFS_OP_AIO_WRITE,
509          SMB_VFS_LAYER_LOGGER},
510         {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
511          SMB_VFS_LAYER_LOGGER},
512         {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
513          SMB_VFS_LAYER_LOGGER},
514         {SMB_VFS_OP(smb_full_audit_aio_error),  SMB_VFS_OP_AIO_ERROR,
515          SMB_VFS_LAYER_LOGGER},
516         {SMB_VFS_OP(smb_full_audit_aio_fsync),  SMB_VFS_OP_AIO_FSYNC,
517          SMB_VFS_LAYER_LOGGER},
518         {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
519          SMB_VFS_LAYER_LOGGER},
520
521         /* Finish VFS operations definition */
522         
523         {SMB_VFS_OP(NULL),              SMB_VFS_OP_NOOP,
524          SMB_VFS_LAYER_NOOP}
525 };
526
527 /* The following array *must* be in the same order as defined in vfs.h */
528
529 static struct {
530         vfs_op_type type;
531         const char *name;
532 } vfs_op_names[] = {
533         { SMB_VFS_OP_CONNECT,   "connect" },
534         { SMB_VFS_OP_DISCONNECT,        "disconnect" },
535         { SMB_VFS_OP_DISK_FREE, "disk_free" },
536         { SMB_VFS_OP_GET_QUOTA, "get_quota" },
537         { SMB_VFS_OP_SET_QUOTA, "set_quota" },
538         { SMB_VFS_OP_GET_SHADOW_COPY_DATA,      "get_shadow_copy_data" },
539         { SMB_VFS_OP_STATVFS,   "statvfs" },
540         { SMB_VFS_OP_OPENDIR,   "opendir" },
541         { SMB_VFS_OP_READDIR,   "readdir" },
542         { SMB_VFS_OP_SEEKDIR,   "seekdir" },
543         { SMB_VFS_OP_TELLDIR,   "telldir" },
544         { SMB_VFS_OP_REWINDDIR, "rewinddir" },
545         { SMB_VFS_OP_MKDIR,     "mkdir" },
546         { SMB_VFS_OP_RMDIR,     "rmdir" },
547         { SMB_VFS_OP_CLOSEDIR,  "closedir" },
548         { SMB_VFS_OP_OPEN,      "open" },
549         { SMB_VFS_OP_CLOSE,     "close" },
550         { SMB_VFS_OP_READ,      "read" },
551         { SMB_VFS_OP_PREAD,     "pread" },
552         { SMB_VFS_OP_WRITE,     "write" },
553         { SMB_VFS_OP_PWRITE,    "pwrite" },
554         { SMB_VFS_OP_LSEEK,     "lseek" },
555         { SMB_VFS_OP_SENDFILE,  "sendfile" },
556         { SMB_VFS_OP_RENAME,    "rename" },
557         { SMB_VFS_OP_FSYNC,     "fsync" },
558         { SMB_VFS_OP_STAT,      "stat" },
559         { SMB_VFS_OP_FSTAT,     "fstat" },
560         { SMB_VFS_OP_LSTAT,     "lstat" },
561         { SMB_VFS_OP_UNLINK,    "unlink" },
562         { SMB_VFS_OP_CHMOD,     "chmod" },
563         { SMB_VFS_OP_FCHMOD,    "fchmod" },
564         { SMB_VFS_OP_CHOWN,     "chown" },
565         { SMB_VFS_OP_FCHOWN,    "fchown" },
566         { SMB_VFS_OP_LCHOWN,    "lchown" },
567         { SMB_VFS_OP_CHDIR,     "chdir" },
568         { SMB_VFS_OP_GETWD,     "getwd" },
569         { SMB_VFS_OP_NTIMES,    "ntimes" },
570         { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
571         { SMB_VFS_OP_LOCK,      "lock" },
572         { SMB_VFS_OP_KERNEL_FLOCK,      "kernel_flock" },
573         { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
574         { SMB_VFS_OP_GETLOCK,   "getlock" },
575         { SMB_VFS_OP_SYMLINK,   "symlink" },
576         { SMB_VFS_OP_READLINK,  "readlink" },
577         { SMB_VFS_OP_LINK,      "link" },
578         { SMB_VFS_OP_MKNOD,     "mknod" },
579         { SMB_VFS_OP_REALPATH,  "realpath" },
580         { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
581         { SMB_VFS_OP_CHFLAGS,   "chflags" },
582         { SMB_VFS_OP_FGET_NT_ACL,       "fget_nt_acl" },
583         { SMB_VFS_OP_GET_NT_ACL,        "get_nt_acl" },
584         { SMB_VFS_OP_FSET_NT_ACL,       "fset_nt_acl" },
585         { SMB_VFS_OP_SET_NT_ACL,        "set_nt_acl" },
586         { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
587         { SMB_VFS_OP_FCHMOD_ACL,        "fchmod_acl" },
588         { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
589         { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,      "sys_acl_get_tag_type" },
590         { SMB_VFS_OP_SYS_ACL_GET_PERMSET,       "sys_acl_get_permset" },
591         { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,     "sys_acl_get_qualifier" },
592         { SMB_VFS_OP_SYS_ACL_GET_FILE,  "sys_acl_get_file" },
593         { SMB_VFS_OP_SYS_ACL_GET_FD,    "sys_acl_get_fd" },
594         { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,       "sys_acl_clear_perms" },
595         { SMB_VFS_OP_SYS_ACL_ADD_PERM,  "sys_acl_add_perm" },
596         { SMB_VFS_OP_SYS_ACL_TO_TEXT,   "sys_acl_to_text" },
597         { SMB_VFS_OP_SYS_ACL_INIT,      "sys_acl_init" },
598         { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,      "sys_acl_create_entry" },
599         { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,      "sys_acl_set_tag_type" },
600         { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,     "sys_acl_set_qualifier" },
601         { SMB_VFS_OP_SYS_ACL_SET_PERMSET,       "sys_acl_set_permset" },
602         { SMB_VFS_OP_SYS_ACL_VALID,     "sys_acl_valid" },
603         { SMB_VFS_OP_SYS_ACL_SET_FILE,  "sys_acl_set_file" },
604         { SMB_VFS_OP_SYS_ACL_SET_FD,    "sys_acl_set_fd" },
605         { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,   "sys_acl_delete_def_file" },
606         { SMB_VFS_OP_SYS_ACL_GET_PERM,  "sys_acl_get_perm" },
607         { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
608         { SMB_VFS_OP_SYS_ACL_FREE_ACL,  "sys_acl_free_acl" },
609         { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,    "sys_acl_free_qualifier" },
610         { SMB_VFS_OP_GETXATTR,  "getxattr" },
611         { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
612         { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
613         { SMB_VFS_OP_LISTXATTR, "listxattr" },
614         { SMB_VFS_OP_LLISTXATTR,        "llistxattr" },
615         { SMB_VFS_OP_FLISTXATTR,        "flistxattr" },
616         { SMB_VFS_OP_REMOVEXATTR,       "removexattr" },
617         { SMB_VFS_OP_LREMOVEXATTR,      "lremovexattr" },
618         { SMB_VFS_OP_FREMOVEXATTR,      "fremovexattr" },
619         { SMB_VFS_OP_SETXATTR,  "setxattr" },
620         { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
621         { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
622         { SMB_VFS_OP_AIO_READ,  "aio_read" },
623         { SMB_VFS_OP_AIO_WRITE, "aio_write" },
624         { SMB_VFS_OP_AIO_RETURN,"aio_return" },
625         { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
626         { SMB_VFS_OP_AIO_ERROR, "aio_error" },
627         { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
628         { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
629         { SMB_VFS_OP_LAST, NULL }
630 };      
631
632 static int audit_syslog_facility(vfs_handle_struct *handle)
633 {
634         static const struct enum_list enum_log_facilities[] = {
635                 { LOG_USER, "USER" },
636                 { LOG_LOCAL0, "LOCAL0" },
637                 { LOG_LOCAL1, "LOCAL1" },
638                 { LOG_LOCAL2, "LOCAL2" },
639                 { LOG_LOCAL3, "LOCAL3" },
640                 { LOG_LOCAL4, "LOCAL4" },
641                 { LOG_LOCAL5, "LOCAL5" },
642                 { LOG_LOCAL6, "LOCAL6" },
643                 { LOG_LOCAL7, "LOCAL7" }
644         };
645
646         int facility;
647
648         facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
649
650         return facility;
651 }
652
653 static int audit_syslog_priority(vfs_handle_struct *handle)
654 {
655         static const struct enum_list enum_log_priorities[] = {
656                 { LOG_EMERG, "EMERG" },
657                 { LOG_ALERT, "ALERT" },
658                 { LOG_CRIT, "CRIT" },
659                 { LOG_ERR, "ERR" },
660                 { LOG_WARNING, "WARNING" },
661                 { LOG_NOTICE, "NOTICE" },
662                 { LOG_INFO, "INFO" },
663                 { LOG_DEBUG, "DEBUG" }
664         };
665
666         int priority;
667
668         priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority", enum_log_priorities, LOG_NOTICE);
669
670         return priority;
671 }
672
673 static char *audit_prefix(connection_struct *conn)
674 {
675         static pstring prefix;
676
677         pstrcpy(prefix, lp_parm_const_string(SNUM(conn), "full_audit",
678                                              "prefix", "%u|%I"));
679         standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
680                               conn->connectpath, conn->gid,
681                               get_current_username(),
682                               current_user_info.domain,
683                               prefix, sizeof(prefix));
684         return prefix;
685 }
686
687 static BOOL log_success(vfs_handle_struct *handle, vfs_op_type op)
688 {
689         struct vfs_full_audit_private_data *pd = NULL;
690
691         SMB_VFS_HANDLE_GET_DATA(handle, pd,
692                 struct vfs_full_audit_private_data,
693                 return True);
694
695         if (pd->success_ops == NULL) {
696                 return True;
697         }
698
699         return bitmap_query(pd->success_ops, op);
700 }
701
702 static BOOL log_failure(vfs_handle_struct *handle, vfs_op_type op)
703 {
704         struct vfs_full_audit_private_data *pd = NULL;
705
706         SMB_VFS_HANDLE_GET_DATA(handle, pd,
707                 struct vfs_full_audit_private_data,
708                 return True);
709
710         if (pd->failure_ops == NULL)
711                 return True;
712
713         return bitmap_query(pd->failure_ops, op);
714 }
715
716 static void init_bitmap(struct bitmap **bm, const char **ops)
717 {
718         BOOL log_all = False;
719
720         if (*bm != NULL)
721                 return;
722
723         *bm = bitmap_allocate(SMB_VFS_OP_LAST);
724
725         if (*bm == NULL) {
726                 DEBUG(0, ("Could not alloc bitmap -- "
727                           "defaulting to logging everything\n"));
728                 return;
729         }
730
731         while (*ops != NULL) {
732                 int i;
733                 BOOL found = False;
734
735                 if (strequal(*ops, "all")) {
736                         log_all = True;
737                         break;
738                 }
739
740                 if (strequal(*ops, "none")) {
741                         break;
742                 }
743
744                 for (i=0; i<SMB_VFS_OP_LAST; i++) {
745                         if (vfs_op_names[i].name == NULL) {
746                                 smb_panic("vfs_full_audit.c: name table not "
747                                           "in sync with vfs.h\n");
748                         }
749
750                         if (strequal(*ops, vfs_op_names[i].name)) {
751                                 bitmap_set(*bm, i);
752                                 found = True;
753                         }
754                 }
755                 if (!found) {
756                         DEBUG(0, ("Could not find opname %s, logging all\n",
757                                   *ops));
758                         log_all = True;
759                         break;
760                 }
761                 ops += 1;
762         }
763
764         if (log_all) {
765                 /* The query functions default to True */
766                 bitmap_free(*bm);
767                 *bm = NULL;
768         }
769 }
770
771 static const char *audit_opname(vfs_op_type op)
772 {
773         if (op >= SMB_VFS_OP_LAST)
774                 return "INVALID VFS OP";
775         return vfs_op_names[op].name;
776 }
777
778 static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
779                    const char *format, ...)
780 {
781         fstring err_msg;
782         pstring op_msg;
783         va_list ap;
784
785         if (success && (!log_success(handle, op)))
786                 return;
787
788         if (!success && (!log_failure(handle, op)))
789                 return;
790
791         if (success)
792                 fstrcpy(err_msg, "ok");
793         else
794                 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
795
796         va_start(ap, format);
797         vsnprintf(op_msg, sizeof(op_msg), format, ap);
798         va_end(ap);
799
800         syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
801                audit_prefix(handle->conn), audit_opname(op), err_msg, op_msg);
802
803         return;
804 }
805
806 /* Free function for the private data. */
807
808 static void free_private_data(void **p_data)
809 {
810         struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
811
812         if (pd->success_ops) {
813                 bitmap_free(pd->success_ops);
814         }
815         if (pd->failure_ops) {
816                 bitmap_free(pd->failure_ops);
817         }
818         SAFE_FREE(pd);
819         *p_data = NULL;
820 }
821
822 /* Implementation of vfs_ops.  Pass everything on to the default
823    operation but log event first. */
824
825 static int smb_full_audit_connect(vfs_handle_struct *handle,
826                          const char *svc, const char *user)
827 {
828         int result;
829         struct vfs_full_audit_private_data *pd = NULL;
830         const char *none[] = { NULL };
831         const char *all [] = { "all" };
832
833         if (!handle) {
834                 return -1;
835         }
836
837         pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
838         if (!pd) {
839                 return -1;
840         }
841         ZERO_STRUCTP(pd);
842
843         openlog("smbd_audit", 0, audit_syslog_facility(handle));
844
845         init_bitmap(&pd->success_ops,
846                     lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
847                                         none));
848         init_bitmap(&pd->failure_ops,
849                     lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
850                                         all));
851
852         /* Store the private data. */
853         SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
854                                 struct vfs_full_audit_private_data, return -1);
855
856         result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
857
858         do_log(SMB_VFS_OP_CONNECT, True, handle,
859                "%s", svc);
860
861         return result;
862 }
863
864 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
865 {
866         SMB_VFS_NEXT_DISCONNECT(handle);
867
868         do_log(SMB_VFS_OP_DISCONNECT, True, handle,
869                "%s", lp_servicename(SNUM(handle->conn)));
870
871         /* The bitmaps will be disconnected when the private
872            data is deleted. */
873
874         return;
875 }
876
877 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
878                                     const char *path,
879                                     BOOL small_query, SMB_BIG_UINT *bsize, 
880                                     SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
881 {
882         SMB_BIG_UINT result;
883
884         result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
885                                         dfree, dsize);
886
887         /* Don't have a reasonable notion of failure here */
888
889         do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
890
891         return result;
892 }
893
894 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
895                            enum SMB_QUOTA_TYPE qtype, unid_t id,
896                            SMB_DISK_QUOTA *qt)
897 {
898         int result;
899
900         result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
901
902         do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
903
904         return result;
905 }
906
907         
908 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
909                            enum SMB_QUOTA_TYPE qtype, unid_t id,
910                            SMB_DISK_QUOTA *qt)
911 {
912         int result;
913
914         result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
915
916         do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
917
918         return result;
919 }
920
921 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
922                                 struct files_struct *fsp,
923                                 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels)
924 {
925         int result;
926
927         result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
928
929         do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
930
931         return result;
932 }
933
934 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
935                                 const char *path,
936                                 struct vfs_statvfs_struct *statbuf)
937 {
938         int result;
939
940         result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
941
942         do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
943
944         return result;
945 }
946
947 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
948                           const char *fname, const char *mask, uint32 attr)
949 {
950         SMB_STRUCT_DIR *result;
951
952         result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
953
954         do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
955
956         return result;
957 }
958
959 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
960                                     SMB_STRUCT_DIR *dirp)
961 {
962         SMB_STRUCT_DIRENT *result;
963
964         result = SMB_VFS_NEXT_READDIR(handle, dirp);
965
966         /* This operation has no reasonable error condition
967          * (End of dir is also failure), so always succeed.
968          */
969         do_log(SMB_VFS_OP_READDIR, True, handle, "");
970
971         return result;
972 }
973
974 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
975                         SMB_STRUCT_DIR *dirp, long offset)
976 {
977         SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
978
979         do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
980         return;
981 }
982
983 static long smb_full_audit_telldir(vfs_handle_struct *handle,
984                         SMB_STRUCT_DIR *dirp)
985 {
986         long result;
987
988         result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
989
990         do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
991
992         return result;
993 }
994
995 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
996                         SMB_STRUCT_DIR *dirp)
997 {
998         SMB_VFS_NEXT_REWINDDIR(handle, dirp);
999
1000         do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1001         return;
1002 }
1003
1004 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1005                        const char *path, mode_t mode)
1006 {
1007         int result;
1008         
1009         result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1010         
1011         do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1012
1013         return result;
1014 }
1015
1016 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1017                        const char *path)
1018 {
1019         int result;
1020         
1021         result = SMB_VFS_NEXT_RMDIR(handle, path);
1022
1023         do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1024
1025         return result;
1026 }
1027
1028 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1029                           SMB_STRUCT_DIR *dirp)
1030 {
1031         int result;
1032
1033         result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1034         
1035         do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1036
1037         return result;
1038 }
1039
1040 static int smb_full_audit_open(vfs_handle_struct *handle,
1041                       const char *fname, files_struct *fsp, int flags, mode_t mode)
1042 {
1043         int result;
1044         
1045         result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1046
1047         do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1048                ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1049                fname);
1050
1051         return result;
1052 }
1053
1054 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
1055 {
1056         int result;
1057         
1058         result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
1059
1060         do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1061
1062         return result;
1063 }
1064
1065 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1066                           int fd, void *data, size_t n)
1067 {
1068         ssize_t result;
1069
1070         result = SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
1071
1072         do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1073
1074         return result;
1075 }
1076
1077 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1078                            int fd, void *data, size_t n, SMB_OFF_T offset)
1079 {
1080         ssize_t result;
1081
1082         result = SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, offset);
1083
1084         do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1085
1086         return result;
1087 }
1088
1089 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1090                            int fd, const void *data, size_t n)
1091 {
1092         ssize_t result;
1093
1094         result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
1095
1096         do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1097
1098         return result;
1099 }
1100
1101 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1102                             int fd, const void *data, size_t n,
1103                             SMB_OFF_T offset)
1104 {
1105         ssize_t result;
1106
1107         result = SMB_VFS_NEXT_PWRITE(handle, fsp, fd, data, n, offset);
1108
1109         do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1110
1111         return result;
1112 }
1113
1114 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1115                              int filedes, SMB_OFF_T offset, int whence)
1116 {
1117         ssize_t result;
1118
1119         result = SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
1120
1121         do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1122                "%s", fsp->fsp_name);
1123
1124         return result;
1125 }
1126
1127 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1128                               files_struct *fsp, int fromfd,
1129                               const DATA_BLOB *hdr, SMB_OFF_T offset,
1130                               size_t n)
1131 {
1132         ssize_t result;
1133
1134         result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
1135                                        offset, n);
1136
1137         do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1138                "%s", fsp->fsp_name);
1139
1140         return result;
1141 }
1142
1143 static int smb_full_audit_rename(vfs_handle_struct *handle,
1144                         const char *oldname, const char *newname)
1145 {
1146         int result;
1147         
1148         result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1149
1150         do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1151
1152         return result;    
1153 }
1154
1155 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
1156 {
1157         int result;
1158         
1159         result = SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
1160
1161         do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1162
1163         return result;    
1164 }
1165
1166 static int smb_full_audit_stat(vfs_handle_struct *handle,
1167                       const char *fname, SMB_STRUCT_STAT *sbuf)
1168 {
1169         int result;
1170         
1171         result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1172
1173         do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1174
1175         return result;    
1176 }
1177
1178 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
1179                        SMB_STRUCT_STAT *sbuf)
1180 {
1181         int result;
1182         
1183         result = SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
1184
1185         do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1186
1187         return result;
1188 }
1189
1190 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1191                        const char *path, SMB_STRUCT_STAT *sbuf)
1192 {
1193         int result;
1194         
1195         result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1196
1197         do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1198
1199         return result;    
1200 }
1201
1202 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1203                         const char *path)
1204 {
1205         int result;
1206         
1207         result = SMB_VFS_NEXT_UNLINK(handle, path);
1208
1209         do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1210
1211         return result;
1212 }
1213
1214 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1215                        const char *path, mode_t mode)
1216 {
1217         int result;
1218
1219         result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1220
1221         do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1222
1223         return result;
1224 }
1225
1226 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
1227                         mode_t mode)
1228 {
1229         int result;
1230         
1231         result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
1232
1233         do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1234                "%s|%o", fsp->fsp_name, mode);
1235
1236         return result;
1237 }
1238
1239 static int smb_full_audit_chown(vfs_handle_struct *handle,
1240                        const char *path, uid_t uid, gid_t gid)
1241 {
1242         int result;
1243
1244         result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1245
1246         do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1247                path, (long int)uid, (long int)gid);
1248
1249         return result;
1250 }
1251
1252 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
1253                         uid_t uid, gid_t gid)
1254 {
1255         int result;
1256
1257         result = SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
1258
1259         do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1260                fsp->fsp_name, (long int)uid, (long int)gid);
1261
1262         return result;
1263 }
1264
1265 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1266                        const char *path, uid_t uid, gid_t gid)
1267 {
1268         int result;
1269
1270         result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1271
1272         do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1273                path, (long int)uid, (long int)gid);
1274
1275         return result;
1276 }
1277
1278 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1279                        const char *path)
1280 {
1281         int result;
1282
1283         result = SMB_VFS_NEXT_CHDIR(handle, path);
1284
1285         do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1286
1287         return result;
1288 }
1289
1290 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1291                          char *path)
1292 {
1293         char *result;
1294
1295         result = SMB_VFS_NEXT_GETWD(handle, path);
1296         
1297         do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1298
1299         return result;
1300 }
1301
1302 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1303                        const char *path, const struct timespec ts[2])
1304 {
1305         int result;
1306
1307         result = SMB_VFS_NEXT_NTIMES(handle, path, ts);
1308
1309         do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1310
1311         return result;
1312 }
1313
1314 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1315                            int fd, SMB_OFF_T len)
1316 {
1317         int result;
1318
1319         result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, len);
1320
1321         do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1322                "%s", fsp->fsp_name);
1323
1324         return result;
1325 }
1326
1327 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1328                        int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1329 {
1330         BOOL result;
1331
1332         result = SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
1333
1334         do_log(SMB_VFS_OP_LOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1335
1336         return result;
1337 }
1338
1339 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1340                                        struct files_struct *fsp, int fd,
1341                                        uint32 share_mode)
1342 {
1343         int result;
1344
1345         result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, fd, share_mode);
1346
1347         do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1348                fsp->fsp_name);
1349
1350         return result;
1351 }
1352
1353 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1354                                  int fd, int leasetype)
1355 {
1356         int result;
1357
1358         result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, fd, leasetype);
1359
1360         do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1361                fsp->fsp_name);
1362
1363         return result;
1364 }
1365
1366 static BOOL smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1367                        SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1368 {
1369         BOOL result;
1370
1371         result = SMB_VFS_NEXT_GETLOCK(handle, fsp, fd, poffset, pcount, ptype, ppid);
1372
1373         do_log(SMB_VFS_OP_GETLOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1374
1375         return result;
1376 }
1377
1378 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1379                          const char *oldpath, const char *newpath)
1380 {
1381         int result;
1382
1383         result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1384
1385         do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1386                "%s|%s", oldpath, newpath);
1387
1388         return result;
1389 }
1390
1391 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1392                           const char *path, char *buf, size_t bufsiz)
1393 {
1394         int result;
1395
1396         result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1397
1398         do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1399
1400         return result;
1401 }
1402
1403 static int smb_full_audit_link(vfs_handle_struct *handle,
1404                       const char *oldpath, const char *newpath)
1405 {
1406         int result;
1407
1408         result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1409
1410         do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1411                "%s|%s", oldpath, newpath);
1412
1413         return result;
1414 }
1415
1416 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1417                        const char *pathname, mode_t mode, SMB_DEV_T dev)
1418 {
1419         int result;
1420
1421         result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1422
1423         do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1424
1425         return result;
1426 }
1427
1428 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1429                             const char *path, char *resolved_path)
1430 {
1431         char *result;
1432
1433         result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1434
1435         do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1436
1437         return result;
1438 }
1439
1440 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1441                         struct sys_notify_context *ctx,
1442                         struct notify_entry *e,
1443                         void (*callback)(struct sys_notify_context *ctx,
1444                                         void *private_data,
1445                                         struct notify_event *ev),
1446                         void *private_data, void *handle_p)
1447 {
1448         NTSTATUS result;
1449
1450         result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1451
1452         do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1453
1454         return result;
1455 }
1456
1457 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1458                             const char *path, uint flags)
1459 {
1460         int result;
1461
1462         result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1463
1464         do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1465
1466         return result;
1467 }
1468
1469 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1470                                 int fd, uint32 security_info,
1471                                 SEC_DESC **ppdesc)
1472 {
1473         size_t result;
1474
1475         result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
1476                                           ppdesc);
1477
1478         do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
1479                "%s", fsp->fsp_name);
1480
1481         return result;
1482 }
1483
1484 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1485                                const char *name, uint32 security_info,
1486                                SEC_DESC **ppdesc)
1487 {
1488         size_t result;
1489
1490         result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
1491                                          ppdesc);
1492
1493         do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
1494                "%s", fsp->fsp_name);
1495
1496         return result;
1497 }
1498
1499 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1500                               int fd, uint32 security_info_sent,
1501                               SEC_DESC *psd)
1502 {
1503         NTSTATUS result;
1504
1505         result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
1506                                           psd);
1507
1508         do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1509
1510         return result;
1511 }
1512
1513 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1514                              const char *name, uint32 security_info_sent,
1515                              SEC_DESC *psd)
1516 {
1517         NTSTATUS result;
1518
1519         result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1520                                          psd);
1521
1522         do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1523
1524         return result;
1525 }
1526
1527 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1528                            const char *path, mode_t mode)
1529 {
1530         int result;
1531         
1532         result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1533
1534         do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1535                "%s|%o", path, mode);
1536
1537         return result;
1538 }
1539
1540 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1541                             int fd, mode_t mode)
1542 {
1543         int result;
1544         
1545         result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
1546
1547         do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1548                "%s|%o", fsp->fsp_name, mode);
1549
1550         return result;
1551 }
1552
1553 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1554
1555                                    SMB_ACL_T theacl, int entry_id,
1556                                    SMB_ACL_ENTRY_T *entry_p)
1557 {
1558         int result;
1559
1560         result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1561                                                 entry_p);
1562
1563         do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1564                "");
1565
1566         return result;
1567 }
1568
1569 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1570
1571                                       SMB_ACL_ENTRY_T entry_d,
1572                                       SMB_ACL_TAG_T *tag_type_p)
1573 {
1574         int result;
1575
1576         result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1577                                                    tag_type_p);
1578
1579         do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1580                "");
1581
1582         return result;
1583 }
1584
1585 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1586
1587                                      SMB_ACL_ENTRY_T entry_d,
1588                                      SMB_ACL_PERMSET_T *permset_p)
1589 {
1590         int result;
1591
1592         result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1593                                                   permset_p);
1594
1595         do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1596                "");
1597
1598         return result;
1599 }
1600
1601 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1602
1603                                           SMB_ACL_ENTRY_T entry_d)
1604 {
1605         void *result;
1606
1607         result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1608
1609         do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1610                "");
1611
1612         return result;
1613 }
1614
1615 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1616                                         const char *path_p,
1617                                         SMB_ACL_TYPE_T type)
1618 {
1619         SMB_ACL_T result;
1620
1621         result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1622
1623         do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1624                "%s", path_p);
1625
1626         return result;
1627 }
1628
1629 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1630                                       files_struct *fsp, int fd)
1631 {
1632         SMB_ACL_T result;
1633
1634         result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
1635
1636         do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1637                "%s", fsp->fsp_name);
1638
1639         return result;
1640 }
1641
1642 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1643
1644                                      SMB_ACL_PERMSET_T permset)
1645 {
1646         int result;
1647
1648         result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1649
1650         do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1651                "");
1652
1653         return result;
1654 }
1655
1656 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1657
1658                                   SMB_ACL_PERMSET_T permset,
1659                                   SMB_ACL_PERM_T perm)
1660 {
1661         int result;
1662
1663         result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1664
1665         do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1666                "");
1667
1668         return result;
1669 }
1670
1671 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1672                                     SMB_ACL_T theacl,
1673                                     ssize_t *plen)
1674 {
1675         char * result;
1676
1677         result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1678
1679         do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1680                "");
1681
1682         return result;
1683 }
1684
1685 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1686
1687                                     int count)
1688 {
1689         SMB_ACL_T result;
1690
1691         result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1692
1693         do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1694                "");
1695
1696         return result;
1697 }
1698
1699 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1700                                       SMB_ACL_T *pacl,
1701                                       SMB_ACL_ENTRY_T *pentry)
1702 {
1703         int result;
1704
1705         result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1706
1707         do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1708                "");
1709
1710         return result;
1711 }
1712
1713 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1714
1715                                       SMB_ACL_ENTRY_T entry,
1716                                       SMB_ACL_TAG_T tagtype)
1717 {
1718         int result;
1719
1720         result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1721                                                    tagtype);
1722
1723         do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1724                "");
1725
1726         return result;
1727 }
1728
1729 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1730
1731                                        SMB_ACL_ENTRY_T entry,
1732                                        void *qual)
1733 {
1734         int result;
1735
1736         result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1737
1738         do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1739                "");
1740
1741         return result;
1742 }
1743
1744 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1745
1746                                      SMB_ACL_ENTRY_T entry,
1747                                      SMB_ACL_PERMSET_T permset)
1748 {
1749         int result;
1750
1751         result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1752
1753         do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1754                "");
1755
1756         return result;
1757 }
1758
1759 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1760
1761                                SMB_ACL_T theacl )
1762 {
1763         int result;
1764
1765         result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1766
1767         do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1768                "");
1769
1770         return result;
1771 }
1772
1773 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1774
1775                                   const char *name, SMB_ACL_TYPE_T acltype,
1776                                   SMB_ACL_T theacl)
1777 {
1778         int result;
1779
1780         result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1781                                                theacl);
1782
1783         do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1784                "%s", name);
1785
1786         return result;
1787 }
1788
1789 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1790                                 int fd, SMB_ACL_T theacl)
1791 {
1792         int result;
1793
1794         result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
1795
1796         do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1797                "%s", fsp->fsp_name);
1798
1799         return result;
1800 }
1801
1802 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1803
1804                                          const char *path)
1805 {
1806         int result;
1807
1808         result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1809
1810         do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1811                "%s", path);
1812
1813         return result;
1814 }
1815
1816 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1817
1818                                   SMB_ACL_PERMSET_T permset,
1819                                   SMB_ACL_PERM_T perm)
1820 {
1821         int result;
1822
1823         result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
1824
1825         do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1826                "");
1827
1828         return result;
1829 }
1830
1831 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1832
1833                                    char *text)
1834 {
1835         int result;
1836
1837         result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
1838
1839         do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1840                "");
1841
1842         return result;
1843 }
1844
1845 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1846
1847                                   SMB_ACL_T posix_acl)
1848 {
1849         int result;
1850
1851         result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
1852
1853         do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1854                "");
1855
1856         return result;
1857 }
1858
1859 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1860                                         void *qualifier,
1861                                         SMB_ACL_TAG_T tagtype)
1862 {
1863         int result;
1864
1865         result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
1866                                                      tagtype);
1867
1868         do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1869                "");
1870
1871         return result;
1872 }
1873
1874 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1875                               const char *path,
1876                               const char *name, void *value, size_t size)
1877 {
1878         ssize_t result;
1879
1880         result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1881
1882         do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1883                "%s|%s", path, name);
1884
1885         return result;
1886 }
1887
1888 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1889                                const char *path, const char *name,
1890                                void *value, size_t size)
1891 {
1892         ssize_t result;
1893
1894         result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
1895
1896         do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1897                "%s|%s", path, name);
1898
1899         return result;
1900 }
1901
1902 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1903                                struct files_struct *fsp, int fd,
1904                                const char *name, void *value, size_t size)
1905 {
1906         ssize_t result;
1907
1908         result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
1909
1910         do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1911                "%s|%s", fsp->fsp_name, name);
1912
1913         return result;
1914 }
1915
1916 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1917                                const char *path, char *list, size_t size)
1918 {
1919         ssize_t result;
1920
1921         result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1922
1923         do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1924
1925         return result;
1926 }
1927
1928 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1929                                 const char *path, char *list, size_t size)
1930 {
1931         ssize_t result;
1932
1933         result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
1934
1935         do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1936
1937         return result;
1938 }
1939
1940 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1941                                 struct files_struct *fsp, int fd, char *list,
1942                                 size_t size)
1943 {
1944         ssize_t result;
1945
1946         result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
1947
1948         do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1949                "%s", fsp->fsp_name);
1950
1951         return result;
1952 }
1953
1954 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1955                              const char *path,
1956                              const char *name)
1957 {
1958         int result;
1959
1960         result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
1961
1962         do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1963                "%s|%s", path, name);
1964
1965         return result;
1966 }
1967
1968 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
1969                               const char *path,
1970                               const char *name)
1971 {
1972         int result;
1973
1974         result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
1975
1976         do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
1977                "%s|%s", path, name);
1978
1979         return result;
1980 }
1981
1982 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
1983                               struct files_struct *fsp, int fd,
1984                               const char *name)
1985 {
1986         int result;
1987
1988         result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
1989
1990         do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1991                "%s|%s", fsp->fsp_name, name);
1992
1993         return result;
1994 }
1995
1996 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
1997                           const char *path,
1998                           const char *name, const void *value, size_t size,
1999                           int flags)
2000 {
2001         int result;
2002
2003         result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2004                                        flags);
2005
2006         do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2007                "%s|%s", path, name);
2008
2009         return result;
2010 }
2011
2012 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2013                            const char *path,
2014                            const char *name, const void *value, size_t size,
2015                            int flags)
2016 {
2017         int result;
2018
2019         result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2020                                         flags);
2021
2022         do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2023                "%s|%s", path, name);
2024
2025         return result;
2026 }
2027
2028 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2029                            struct files_struct *fsp, int fd, const char *name,
2030                            const void *value, size_t size, int flags)
2031 {
2032         int result;
2033
2034         result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size,
2035                                         flags);
2036
2037         do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2038                "%s|%s", fsp->fsp_name, name);
2039
2040         return result;
2041 }
2042
2043 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2044 {
2045         int result;
2046
2047         result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2048         do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2049                 "%s", fsp->fsp_name);
2050
2051         return result;
2052 }
2053
2054 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2055 {
2056         int result;
2057
2058         result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2059         do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2060                 "%s", fsp->fsp_name);
2061
2062         return result;
2063 }
2064
2065 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2066 {
2067         int result;
2068
2069         result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2070         do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2071                 "%s", fsp->fsp_name);
2072
2073         return result;
2074 }
2075
2076 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb)
2077 {
2078         int result;
2079
2080         result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, fd, aiocb);
2081         do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2082                 "%s", fsp->fsp_name);
2083
2084         return result;
2085 }
2086
2087 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2088 {
2089         int result;
2090
2091         result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2092         do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2093                 "%s", fsp->fsp_name);
2094
2095         return result;
2096 }
2097
2098 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2099 {
2100         int result;
2101
2102         result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2103         do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2104                 "%s", fsp->fsp_name);
2105
2106         return result;
2107 }
2108
2109 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2110 {
2111         int result;
2112
2113         result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2114         do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2115                 "%s", fsp->fsp_name);
2116
2117         return result;
2118 }
2119
2120
2121 NTSTATUS vfs_full_audit_init(void);
2122 NTSTATUS vfs_full_audit_init(void)
2123 {
2124         NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2125                                         "full_audit", audit_op_tuples);
2126         
2127         if (!NT_STATUS_IS_OK(ret))
2128                 return ret;
2129
2130         vfs_full_audit_debug_level = debug_add_class("full_audit");
2131         if (vfs_full_audit_debug_level == -1) {
2132                 vfs_full_audit_debug_level = DBGC_VFS;
2133                 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2134                           "class!\n"));
2135         } else {
2136                 DEBUG(10, ("vfs_full_audit: Debug class number of "
2137                            "'full_audit': %d\n", vfs_full_audit_debug_level));
2138         }
2139         
2140         return ret;
2141 }