2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
62 static int vfs_full_audit_debug_level = DBGC_VFS;
64 struct vfs_full_audit_private_data {
65 struct bitmap *success_ops;
66 struct bitmap *failure_ops;
70 #define DBGC_CLASS vfs_full_audit_debug_level
72 /* Function prototypes */
74 static int smb_full_audit_connect(vfs_handle_struct *handle,
75 const char *svc, const char *user);
76 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
77 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
79 bool small_query, uint64_t *bsize,
80 uint64_t *dfree, uint64_t *dsize);
81 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
82 enum SMB_QUOTA_TYPE qtype, unid_t id,
84 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
85 enum SMB_QUOTA_TYPE qtype, unid_t id,
87 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
88 struct files_struct *fsp,
89 SHADOW_COPY_DATA *shadow_copy_data, bool labels);
90 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
92 struct vfs_statvfs_struct *statbuf);
94 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
95 const char *fname, const char *mask, uint32 attr);
96 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
98 SMB_STRUCT_STAT *sbuf);
99 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
100 SMB_STRUCT_DIR *dirp, long offset);
101 static long smb_full_audit_telldir(vfs_handle_struct *handle,
102 SMB_STRUCT_DIR *dirp);
103 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
104 SMB_STRUCT_DIR *dirp);
105 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
106 const char *path, mode_t mode);
107 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
109 static int smb_full_audit_closedir(vfs_handle_struct *handle,
110 SMB_STRUCT_DIR *dirp);
111 static int smb_full_audit_open(vfs_handle_struct *handle,
112 const char *fname, files_struct *fsp, int flags, mode_t mode);
113 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
114 struct smb_request *req,
115 uint16_t root_dir_fid,
117 uint32_t create_file_flags,
118 uint32_t access_mask,
119 uint32_t share_access,
120 uint32_t create_disposition,
121 uint32_t create_options,
122 uint32_t file_attributes,
123 uint32_t oplock_request,
124 uint64_t allocation_size,
125 struct security_descriptor *sd,
126 struct ea_list *ea_list,
127 files_struct **result,
129 SMB_STRUCT_STAT *psbuf);
130 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp);
131 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
132 void *data, size_t n);
133 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
134 void *data, size_t n, SMB_OFF_T offset);
135 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
136 const void *data, size_t n);
137 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
138 const void *data, size_t n,
140 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
141 SMB_OFF_T offset, int whence);
142 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
143 files_struct *fromfsp,
144 const DATA_BLOB *hdr, SMB_OFF_T offset,
146 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
150 static int smb_full_audit_rename(vfs_handle_struct *handle,
151 const char *oldname, const char *newname);
152 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp);
153 static int smb_full_audit_stat(vfs_handle_struct *handle,
154 const char *fname, SMB_STRUCT_STAT *sbuf);
155 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
156 SMB_STRUCT_STAT *sbuf);
157 static int smb_full_audit_lstat(vfs_handle_struct *handle,
158 const char *path, SMB_STRUCT_STAT *sbuf);
159 static int smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
160 files_struct *fsp, const SMB_STRUCT_STAT *sbuf);
161 static int smb_full_audit_unlink(vfs_handle_struct *handle,
163 static int smb_full_audit_chmod(vfs_handle_struct *handle,
164 const char *path, mode_t mode);
165 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
167 static int smb_full_audit_chown(vfs_handle_struct *handle,
168 const char *path, uid_t uid, gid_t gid);
169 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
170 uid_t uid, gid_t gid);
171 static int smb_full_audit_lchown(vfs_handle_struct *handle,
172 const char *path, uid_t uid, gid_t gid);
173 static int smb_full_audit_chdir(vfs_handle_struct *handle,
175 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
177 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
178 const char *path, struct smb_file_time *ft);
179 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
181 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
182 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
183 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
184 struct files_struct *fsp,
186 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
188 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
189 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
190 static int smb_full_audit_symlink(vfs_handle_struct *handle,
191 const char *oldpath, const char *newpath);
192 static int smb_full_audit_readlink(vfs_handle_struct *handle,
193 const char *path, char *buf, size_t bufsiz);
194 static int smb_full_audit_link(vfs_handle_struct *handle,
195 const char *oldpath, const char *newpath);
196 static int smb_full_audit_mknod(vfs_handle_struct *handle,
197 const char *pathname, mode_t mode, SMB_DEV_T dev);
198 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
199 const char *path, char *resolved_path);
200 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
201 struct sys_notify_context *ctx,
202 struct notify_entry *e,
203 void (*callback)(struct sys_notify_context *ctx,
205 struct notify_event *ev),
206 void *private_data, void *handle_p);
207 static int smb_full_audit_chflags(vfs_handle_struct *handle,
208 const char *path, unsigned int flags);
209 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
210 SMB_DEV_T dev, SMB_INO_T inode);
211 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
212 struct files_struct *fsp,
215 unsigned int *pnum_streams,
216 struct stream_struct **pstreams);
217 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
222 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
223 uint32 security_info,
225 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
226 const char *name, uint32 security_info,
228 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
229 uint32 security_info_sent,
230 const SEC_DESC *psd);
231 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
232 const char *path, mode_t mode);
233 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
235 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
236 SMB_ACL_T theacl, int entry_id,
237 SMB_ACL_ENTRY_T *entry_p);
238 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
239 SMB_ACL_ENTRY_T entry_d,
240 SMB_ACL_TAG_T *tag_type_p);
241 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
242 SMB_ACL_ENTRY_T entry_d,
243 SMB_ACL_PERMSET_T *permset_p);
244 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
245 SMB_ACL_ENTRY_T entry_d);
246 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
248 SMB_ACL_TYPE_T type);
249 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
251 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
252 SMB_ACL_PERMSET_T permset);
253 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
254 SMB_ACL_PERMSET_T permset,
255 SMB_ACL_PERM_T perm);
256 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
259 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
261 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
263 SMB_ACL_ENTRY_T *pentry);
264 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
265 SMB_ACL_ENTRY_T entry,
266 SMB_ACL_TAG_T tagtype);
267 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
268 SMB_ACL_ENTRY_T entry,
270 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
271 SMB_ACL_ENTRY_T entry,
272 SMB_ACL_PERMSET_T permset);
273 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
275 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
276 const char *name, SMB_ACL_TYPE_T acltype,
278 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
280 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
282 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
283 SMB_ACL_PERMSET_T permset,
284 SMB_ACL_PERM_T perm);
285 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
287 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
288 SMB_ACL_T posix_acl);
289 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
291 SMB_ACL_TAG_T tagtype);
292 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
294 const char *name, void *value, size_t size);
295 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
296 const char *path, const char *name,
297 void *value, size_t size);
298 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
299 struct files_struct *fsp,
300 const char *name, void *value, size_t size);
301 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
302 const char *path, char *list, size_t size);
303 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
304 const char *path, char *list, size_t size);
305 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
306 struct files_struct *fsp, char *list,
308 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
311 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
314 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
315 struct files_struct *fsp,
317 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
319 const char *name, const void *value, size_t size,
321 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
323 const char *name, const void *value, size_t size,
325 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
326 struct files_struct *fsp, const char *name,
327 const void *value, size_t size, int flags);
329 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
330 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
331 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
332 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
333 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
334 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
335 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
339 static vfs_op_tuple audit_op_tuples[] = {
341 /* Disk operations */
343 {SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
344 SMB_VFS_LAYER_LOGGER},
345 {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
346 SMB_VFS_LAYER_LOGGER},
347 {SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
348 SMB_VFS_LAYER_LOGGER},
349 {SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
350 SMB_VFS_LAYER_LOGGER},
351 {SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
352 SMB_VFS_LAYER_LOGGER},
353 {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
354 SMB_VFS_LAYER_LOGGER},
355 {SMB_VFS_OP(smb_full_audit_statvfs), SMB_VFS_OP_STATVFS,
356 SMB_VFS_LAYER_LOGGER},
358 /* Directory operations */
360 {SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
361 SMB_VFS_LAYER_LOGGER},
362 {SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
363 SMB_VFS_LAYER_LOGGER},
364 {SMB_VFS_OP(smb_full_audit_seekdir), SMB_VFS_OP_SEEKDIR,
365 SMB_VFS_LAYER_LOGGER},
366 {SMB_VFS_OP(smb_full_audit_telldir), SMB_VFS_OP_TELLDIR,
367 SMB_VFS_LAYER_LOGGER},
368 {SMB_VFS_OP(smb_full_audit_rewinddir), SMB_VFS_OP_REWINDDIR,
369 SMB_VFS_LAYER_LOGGER},
370 {SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
371 SMB_VFS_LAYER_LOGGER},
372 {SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
373 SMB_VFS_LAYER_LOGGER},
374 {SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
375 SMB_VFS_LAYER_LOGGER},
377 /* File operations */
379 {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
380 SMB_VFS_LAYER_LOGGER},
381 {SMB_VFS_OP(smb_full_audit_create_file),SMB_VFS_OP_CREATE_FILE,
382 SMB_VFS_LAYER_LOGGER},
383 {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
384 SMB_VFS_LAYER_LOGGER},
385 {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
386 SMB_VFS_LAYER_LOGGER},
387 {SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
388 SMB_VFS_LAYER_LOGGER},
389 {SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
390 SMB_VFS_LAYER_LOGGER},
391 {SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
392 SMB_VFS_LAYER_LOGGER},
393 {SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
394 SMB_VFS_LAYER_LOGGER},
395 {SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE,
396 SMB_VFS_LAYER_LOGGER},
397 {SMB_VFS_OP(smb_full_audit_recvfile), SMB_VFS_OP_RECVFILE,
398 SMB_VFS_LAYER_LOGGER},
399 {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME,
400 SMB_VFS_LAYER_LOGGER},
401 {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC,
402 SMB_VFS_LAYER_LOGGER},
403 {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT,
404 SMB_VFS_LAYER_LOGGER},
405 {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT,
406 SMB_VFS_LAYER_LOGGER},
407 {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT,
408 SMB_VFS_LAYER_LOGGER},
409 {SMB_VFS_OP(smb_full_audit_get_alloc_size), SMB_VFS_OP_GET_ALLOC_SIZE,
410 SMB_VFS_LAYER_LOGGER},
411 {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK,
412 SMB_VFS_LAYER_LOGGER},
413 {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD,
414 SMB_VFS_LAYER_LOGGER},
415 {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD,
416 SMB_VFS_LAYER_LOGGER},
417 {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN,
418 SMB_VFS_LAYER_LOGGER},
419 {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN,
420 SMB_VFS_LAYER_LOGGER},
421 {SMB_VFS_OP(smb_full_audit_lchown), SMB_VFS_OP_LCHOWN,
422 SMB_VFS_LAYER_LOGGER},
423 {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR,
424 SMB_VFS_LAYER_LOGGER},
425 {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD,
426 SMB_VFS_LAYER_LOGGER},
427 {SMB_VFS_OP(smb_full_audit_ntimes), SMB_VFS_OP_NTIMES,
428 SMB_VFS_LAYER_LOGGER},
429 {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
430 SMB_VFS_LAYER_LOGGER},
431 {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK,
432 SMB_VFS_LAYER_LOGGER},
433 {SMB_VFS_OP(smb_full_audit_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK,
434 SMB_VFS_LAYER_LOGGER},
435 {SMB_VFS_OP(smb_full_audit_linux_setlease), SMB_VFS_OP_LINUX_SETLEASE,
436 SMB_VFS_LAYER_LOGGER},
437 {SMB_VFS_OP(smb_full_audit_getlock), SMB_VFS_OP_GETLOCK,
438 SMB_VFS_LAYER_LOGGER},
439 {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK,
440 SMB_VFS_LAYER_LOGGER},
441 {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK,
442 SMB_VFS_LAYER_LOGGER},
443 {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK,
444 SMB_VFS_LAYER_LOGGER},
445 {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD,
446 SMB_VFS_LAYER_LOGGER},
447 {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH,
448 SMB_VFS_LAYER_LOGGER},
449 {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
450 SMB_VFS_LAYER_LOGGER},
451 {SMB_VFS_OP(smb_full_audit_chflags), SMB_VFS_OP_CHFLAGS,
452 SMB_VFS_LAYER_LOGGER},
453 {SMB_VFS_OP(smb_full_audit_file_id_create), SMB_VFS_OP_FILE_ID_CREATE,
454 SMB_VFS_LAYER_LOGGER},
455 {SMB_VFS_OP(smb_full_audit_streaminfo), SMB_VFS_OP_STREAMINFO,
456 SMB_VFS_LAYER_LOGGER},
457 {SMB_VFS_OP(smb_full_audit_get_real_filename), SMB_VFS_OP_GET_REAL_FILENAME,
458 SMB_VFS_LAYER_LOGGER},
460 /* NT ACL operations. */
462 {SMB_VFS_OP(smb_full_audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
463 SMB_VFS_LAYER_LOGGER},
464 {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
465 SMB_VFS_LAYER_LOGGER},
466 {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
467 SMB_VFS_LAYER_LOGGER},
469 /* POSIX ACL operations. */
471 {SMB_VFS_OP(smb_full_audit_chmod_acl), SMB_VFS_OP_CHMOD_ACL,
472 SMB_VFS_LAYER_LOGGER},
473 {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
474 SMB_VFS_LAYER_LOGGER},
475 {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
476 SMB_VFS_LAYER_LOGGER},
477 {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
478 SMB_VFS_LAYER_LOGGER},
479 {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
480 SMB_VFS_LAYER_LOGGER},
481 {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
482 SMB_VFS_LAYER_LOGGER},
483 {SMB_VFS_OP(smb_full_audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
484 SMB_VFS_LAYER_LOGGER},
485 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
486 SMB_VFS_LAYER_LOGGER},
487 {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
488 SMB_VFS_LAYER_LOGGER},
489 {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
490 SMB_VFS_LAYER_LOGGER},
491 {SMB_VFS_OP(smb_full_audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
492 SMB_VFS_LAYER_LOGGER},
493 {SMB_VFS_OP(smb_full_audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
494 SMB_VFS_LAYER_LOGGER},
495 {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
496 SMB_VFS_LAYER_LOGGER},
497 {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
498 SMB_VFS_LAYER_LOGGER},
499 {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
500 SMB_VFS_LAYER_LOGGER},
501 {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
502 SMB_VFS_LAYER_LOGGER},
503 {SMB_VFS_OP(smb_full_audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
504 SMB_VFS_LAYER_LOGGER},
505 {SMB_VFS_OP(smb_full_audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
506 SMB_VFS_LAYER_LOGGER},
507 {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
508 SMB_VFS_LAYER_LOGGER},
509 {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
510 SMB_VFS_LAYER_LOGGER},
511 {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
512 SMB_VFS_LAYER_LOGGER},
513 {SMB_VFS_OP(smb_full_audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
514 SMB_VFS_LAYER_LOGGER},
515 {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
516 SMB_VFS_LAYER_LOGGER},
517 {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
518 SMB_VFS_LAYER_LOGGER},
522 {SMB_VFS_OP(smb_full_audit_getxattr), SMB_VFS_OP_GETXATTR,
523 SMB_VFS_LAYER_LOGGER},
524 {SMB_VFS_OP(smb_full_audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
525 SMB_VFS_LAYER_LOGGER},
526 {SMB_VFS_OP(smb_full_audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
527 SMB_VFS_LAYER_LOGGER},
528 {SMB_VFS_OP(smb_full_audit_listxattr), SMB_VFS_OP_LISTXATTR,
529 SMB_VFS_LAYER_LOGGER},
530 {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
531 SMB_VFS_LAYER_LOGGER},
532 {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
533 SMB_VFS_LAYER_LOGGER},
534 {SMB_VFS_OP(smb_full_audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
535 SMB_VFS_LAYER_LOGGER},
536 {SMB_VFS_OP(smb_full_audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
537 SMB_VFS_LAYER_LOGGER},
538 {SMB_VFS_OP(smb_full_audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
539 SMB_VFS_LAYER_LOGGER},
540 {SMB_VFS_OP(smb_full_audit_setxattr), SMB_VFS_OP_SETXATTR,
541 SMB_VFS_LAYER_LOGGER},
542 {SMB_VFS_OP(smb_full_audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
543 SMB_VFS_LAYER_LOGGER},
544 {SMB_VFS_OP(smb_full_audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
545 SMB_VFS_LAYER_LOGGER},
547 {SMB_VFS_OP(smb_full_audit_aio_read), SMB_VFS_OP_AIO_READ,
548 SMB_VFS_LAYER_LOGGER},
549 {SMB_VFS_OP(smb_full_audit_aio_write), SMB_VFS_OP_AIO_WRITE,
550 SMB_VFS_LAYER_LOGGER},
551 {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
552 SMB_VFS_LAYER_LOGGER},
553 {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
554 SMB_VFS_LAYER_LOGGER},
555 {SMB_VFS_OP(smb_full_audit_aio_error), SMB_VFS_OP_AIO_ERROR,
556 SMB_VFS_LAYER_LOGGER},
557 {SMB_VFS_OP(smb_full_audit_aio_fsync), SMB_VFS_OP_AIO_FSYNC,
558 SMB_VFS_LAYER_LOGGER},
559 {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
560 SMB_VFS_LAYER_LOGGER},
562 /* Finish VFS operations definition */
564 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
568 /* The following array *must* be in the same order as defined in vfs.h */
574 { SMB_VFS_OP_CONNECT, "connect" },
575 { SMB_VFS_OP_DISCONNECT, "disconnect" },
576 { SMB_VFS_OP_DISK_FREE, "disk_free" },
577 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
578 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
579 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
580 { SMB_VFS_OP_STATVFS, "statvfs" },
581 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
582 { SMB_VFS_OP_OPENDIR, "opendir" },
583 { SMB_VFS_OP_READDIR, "readdir" },
584 { SMB_VFS_OP_SEEKDIR, "seekdir" },
585 { SMB_VFS_OP_TELLDIR, "telldir" },
586 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
587 { SMB_VFS_OP_MKDIR, "mkdir" },
588 { SMB_VFS_OP_RMDIR, "rmdir" },
589 { SMB_VFS_OP_CLOSEDIR, "closedir" },
590 { SMB_VFS_OP_OPEN, "open" },
591 { SMB_VFS_OP_CREATE_FILE, "create_file" },
592 { SMB_VFS_OP_CLOSE, "close" },
593 { SMB_VFS_OP_READ, "read" },
594 { SMB_VFS_OP_PREAD, "pread" },
595 { SMB_VFS_OP_WRITE, "write" },
596 { SMB_VFS_OP_PWRITE, "pwrite" },
597 { SMB_VFS_OP_LSEEK, "lseek" },
598 { SMB_VFS_OP_SENDFILE, "sendfile" },
599 { SMB_VFS_OP_RECVFILE, "recvfile" },
600 { SMB_VFS_OP_RENAME, "rename" },
601 { SMB_VFS_OP_FSYNC, "fsync" },
602 { SMB_VFS_OP_STAT, "stat" },
603 { SMB_VFS_OP_FSTAT, "fstat" },
604 { SMB_VFS_OP_LSTAT, "lstat" },
605 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
606 { SMB_VFS_OP_UNLINK, "unlink" },
607 { SMB_VFS_OP_CHMOD, "chmod" },
608 { SMB_VFS_OP_FCHMOD, "fchmod" },
609 { SMB_VFS_OP_CHOWN, "chown" },
610 { SMB_VFS_OP_FCHOWN, "fchown" },
611 { SMB_VFS_OP_LCHOWN, "lchown" },
612 { SMB_VFS_OP_CHDIR, "chdir" },
613 { SMB_VFS_OP_GETWD, "getwd" },
614 { SMB_VFS_OP_NTIMES, "ntimes" },
615 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
616 { SMB_VFS_OP_LOCK, "lock" },
617 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
618 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
619 { SMB_VFS_OP_GETLOCK, "getlock" },
620 { SMB_VFS_OP_SYMLINK, "symlink" },
621 { SMB_VFS_OP_READLINK, "readlink" },
622 { SMB_VFS_OP_LINK, "link" },
623 { SMB_VFS_OP_MKNOD, "mknod" },
624 { SMB_VFS_OP_REALPATH, "realpath" },
625 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
626 { SMB_VFS_OP_CHFLAGS, "chflags" },
627 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
628 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
629 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
630 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
631 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
632 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
633 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
634 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
635 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
636 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
637 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
638 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
639 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
640 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
641 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
642 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
643 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
644 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
645 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
646 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
647 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
648 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
649 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
650 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
651 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
652 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
653 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
654 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
655 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
656 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
657 { SMB_VFS_OP_GETXATTR, "getxattr" },
658 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
659 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
660 { SMB_VFS_OP_LISTXATTR, "listxattr" },
661 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
662 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
663 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
664 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
665 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
666 { SMB_VFS_OP_SETXATTR, "setxattr" },
667 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
668 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
669 { SMB_VFS_OP_AIO_READ, "aio_read" },
670 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
671 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
672 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
673 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
674 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
675 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
676 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
677 { SMB_VFS_OP_IS_OFFLINE, "aio_is_offline" },
678 { SMB_VFS_OP_SET_OFFLINE, "aio_set_offline" },
679 { SMB_VFS_OP_LAST, NULL }
682 static int audit_syslog_facility(vfs_handle_struct *handle)
684 static const struct enum_list enum_log_facilities[] = {
685 { LOG_USER, "USER" },
686 { LOG_LOCAL0, "LOCAL0" },
687 { LOG_LOCAL1, "LOCAL1" },
688 { LOG_LOCAL2, "LOCAL2" },
689 { LOG_LOCAL3, "LOCAL3" },
690 { LOG_LOCAL4, "LOCAL4" },
691 { LOG_LOCAL5, "LOCAL5" },
692 { LOG_LOCAL6, "LOCAL6" },
693 { LOG_LOCAL7, "LOCAL7" }
698 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
703 static int audit_syslog_priority(vfs_handle_struct *handle)
705 static const struct enum_list enum_log_priorities[] = {
706 { LOG_EMERG, "EMERG" },
707 { LOG_ALERT, "ALERT" },
708 { LOG_CRIT, "CRIT" },
710 { LOG_WARNING, "WARNING" },
711 { LOG_NOTICE, "NOTICE" },
712 { LOG_INFO, "INFO" },
713 { LOG_DEBUG, "DEBUG" }
718 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
719 enum_log_priorities, LOG_NOTICE);
720 if (priority == -1) {
721 priority = LOG_WARNING;
727 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
732 prefix = talloc_strdup(ctx,
733 lp_parm_const_string(SNUM(conn), "full_audit",
738 result = talloc_sub_advanced(ctx,
739 lp_servicename(SNUM(conn)),
740 conn->server_info->unix_name,
742 conn->server_info->utok.gid,
743 conn->server_info->sanitized_username,
744 pdb_get_domain(conn->server_info->sam_account),
750 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
752 struct vfs_full_audit_private_data *pd = NULL;
754 SMB_VFS_HANDLE_GET_DATA(handle, pd,
755 struct vfs_full_audit_private_data,
758 if (pd->success_ops == NULL) {
762 return bitmap_query(pd->success_ops, op);
765 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
767 struct vfs_full_audit_private_data *pd = NULL;
769 SMB_VFS_HANDLE_GET_DATA(handle, pd,
770 struct vfs_full_audit_private_data,
773 if (pd->failure_ops == NULL)
776 return bitmap_query(pd->failure_ops, op);
779 static void init_bitmap(struct bitmap **bm, const char **ops)
781 bool log_all = False;
786 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
789 DEBUG(0, ("Could not alloc bitmap -- "
790 "defaulting to logging everything\n"));
794 while (*ops != NULL) {
798 if (strequal(*ops, "all")) {
803 if (strequal(*ops, "none")) {
807 for (i=0; i<SMB_VFS_OP_LAST; i++) {
808 if (vfs_op_names[i].name == NULL) {
809 smb_panic("vfs_full_audit.c: name table not "
810 "in sync with vfs.h\n");
813 if (strequal(*ops, vfs_op_names[i].name)) {
819 DEBUG(0, ("Could not find opname %s, logging all\n",
828 /* The query functions default to True */
834 static const char *audit_opname(vfs_op_type op)
836 if (op >= SMB_VFS_OP_LAST)
837 return "INVALID VFS OP";
838 return vfs_op_names[op].name;
841 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
842 const char *format, ...)
845 char *audit_pre = NULL;
849 if (success && (!log_success(handle, op)))
852 if (!success && (!log_failure(handle, op)))
856 fstrcpy(err_msg, "ok");
858 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
860 va_start(ap, format);
861 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
868 audit_pre = audit_prefix(talloc_tos(), handle->conn);
869 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
870 audit_pre ? audit_pre : "",
871 audit_opname(op), err_msg, op_msg);
873 TALLOC_FREE(audit_pre);
879 /* Free function for the private data. */
881 static void free_private_data(void **p_data)
883 struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
885 if (pd->success_ops) {
886 bitmap_free(pd->success_ops);
888 if (pd->failure_ops) {
889 bitmap_free(pd->failure_ops);
895 /* Implementation of vfs_ops. Pass everything on to the default
896 operation but log event first. */
898 static int smb_full_audit_connect(vfs_handle_struct *handle,
899 const char *svc, const char *user)
902 struct vfs_full_audit_private_data *pd = NULL;
903 const char *none[] = { NULL };
904 const char *all [] = { "all" };
910 pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
916 openlog("smbd_audit", 0, audit_syslog_facility(handle));
918 init_bitmap(&pd->success_ops,
919 lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
921 init_bitmap(&pd->failure_ops,
922 lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
925 /* Store the private data. */
926 SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
927 struct vfs_full_audit_private_data, return -1);
929 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
931 do_log(SMB_VFS_OP_CONNECT, True, handle,
937 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
939 SMB_VFS_NEXT_DISCONNECT(handle);
941 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
942 "%s", lp_servicename(SNUM(handle->conn)));
944 /* The bitmaps will be disconnected when the private
950 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
952 bool small_query, uint64_t *bsize,
953 uint64_t *dfree, uint64_t *dsize)
957 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
960 /* Don't have a reasonable notion of failure here */
962 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
967 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
968 enum SMB_QUOTA_TYPE qtype, unid_t id,
973 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
975 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
981 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
982 enum SMB_QUOTA_TYPE qtype, unid_t id,
987 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
989 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
994 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
995 struct files_struct *fsp,
996 SHADOW_COPY_DATA *shadow_copy_data, bool labels)
1000 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
1002 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
1007 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
1009 struct vfs_statvfs_struct *statbuf)
1013 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
1015 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
1020 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
1021 const char *fname, const char *mask, uint32 attr)
1023 SMB_STRUCT_DIR *result;
1025 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
1027 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
1032 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
1033 SMB_STRUCT_DIR *dirp, SMB_STRUCT_STAT *sbuf)
1035 SMB_STRUCT_DIRENT *result;
1037 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
1039 /* This operation has no reasonable error condition
1040 * (End of dir is also failure), so always succeed.
1042 do_log(SMB_VFS_OP_READDIR, True, handle, "");
1047 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
1048 SMB_STRUCT_DIR *dirp, long offset)
1050 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
1052 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
1056 static long smb_full_audit_telldir(vfs_handle_struct *handle,
1057 SMB_STRUCT_DIR *dirp)
1061 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
1063 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1068 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1069 SMB_STRUCT_DIR *dirp)
1071 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1073 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1077 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1078 const char *path, mode_t mode)
1082 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1084 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1089 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1094 result = SMB_VFS_NEXT_RMDIR(handle, path);
1096 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1101 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1102 SMB_STRUCT_DIR *dirp)
1106 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1108 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1113 static int smb_full_audit_open(vfs_handle_struct *handle,
1114 const char *fname, files_struct *fsp, int flags, mode_t mode)
1118 result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1120 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1121 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1127 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
1128 struct smb_request *req,
1129 uint16_t root_dir_fid,
1131 uint32_t create_file_flags,
1132 uint32_t access_mask,
1133 uint32_t share_access,
1134 uint32_t create_disposition,
1135 uint32_t create_options,
1136 uint32_t file_attributes,
1137 uint32_t oplock_request,
1138 uint64_t allocation_size,
1139 struct security_descriptor *sd,
1140 struct ea_list *ea_list,
1141 files_struct **result_fsp,
1143 SMB_STRUCT_STAT *psbuf)
1147 result = SMB_VFS_NEXT_CREATE_FILE(
1148 handle, /* handle */
1150 root_dir_fid, /* root_dir_fid */
1152 create_file_flags, /* create_file_flags */
1153 access_mask, /* access_mask */
1154 share_access, /* share_access */
1155 create_disposition, /* create_disposition*/
1156 create_options, /* create_options */
1157 file_attributes, /* file_attributes */
1158 oplock_request, /* oplock_request */
1159 allocation_size, /* allocation_size */
1161 ea_list, /* ea_list */
1162 result_fsp, /* result */
1166 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s",
1167 access_mask, fname);
1172 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1176 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1178 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1183 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1184 void *data, size_t n)
1188 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
1190 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1195 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1196 void *data, size_t n, SMB_OFF_T offset)
1200 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1202 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1207 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1208 const void *data, size_t n)
1212 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1214 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1219 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1220 const void *data, size_t n,
1225 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1227 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1232 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1233 SMB_OFF_T offset, int whence)
1237 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1239 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1240 "%s", fsp->fsp_name);
1245 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1246 files_struct *fromfsp,
1247 const DATA_BLOB *hdr, SMB_OFF_T offset,
1252 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1254 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1255 "%s", fromfsp->fsp_name);
1260 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1261 files_struct *tofsp,
1267 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1269 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1270 "%s", tofsp->fsp_name);
1275 static int smb_full_audit_rename(vfs_handle_struct *handle,
1276 const char *oldname, const char *newname)
1280 result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1282 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1287 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1291 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1293 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1298 static int smb_full_audit_stat(vfs_handle_struct *handle,
1299 const char *fname, SMB_STRUCT_STAT *sbuf)
1303 result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1305 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1310 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1311 SMB_STRUCT_STAT *sbuf)
1315 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1317 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1322 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1323 const char *path, SMB_STRUCT_STAT *sbuf)
1327 result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1329 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1334 static int smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1335 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1339 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1341 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result >= 0), handle, "%d", result);
1346 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1351 result = SMB_VFS_NEXT_UNLINK(handle, path);
1353 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1358 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1359 const char *path, mode_t mode)
1363 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1365 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1370 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1375 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1377 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1378 "%s|%o", fsp->fsp_name, mode);
1383 static int smb_full_audit_chown(vfs_handle_struct *handle,
1384 const char *path, uid_t uid, gid_t gid)
1388 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1390 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1391 path, (long int)uid, (long int)gid);
1396 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1397 uid_t uid, gid_t gid)
1401 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1403 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1404 fsp->fsp_name, (long int)uid, (long int)gid);
1409 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1410 const char *path, uid_t uid, gid_t gid)
1414 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1416 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1417 path, (long int)uid, (long int)gid);
1422 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1427 result = SMB_VFS_NEXT_CHDIR(handle, path);
1429 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1434 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1439 result = SMB_VFS_NEXT_GETWD(handle, path);
1441 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1446 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1447 const char *path, struct smb_file_time *ft)
1451 result = SMB_VFS_NEXT_NTIMES(handle, path, ft);
1453 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1458 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1463 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1465 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1466 "%s", fsp->fsp_name);
1471 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1472 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1476 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1478 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp->fsp_name);
1483 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1484 struct files_struct *fsp,
1489 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode);
1491 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1497 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1502 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1504 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1510 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1511 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1515 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1517 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp->fsp_name);
1522 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1523 const char *oldpath, const char *newpath)
1527 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1529 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1530 "%s|%s", oldpath, newpath);
1535 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1536 const char *path, char *buf, size_t bufsiz)
1540 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1542 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1547 static int smb_full_audit_link(vfs_handle_struct *handle,
1548 const char *oldpath, const char *newpath)
1552 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1554 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1555 "%s|%s", oldpath, newpath);
1560 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1561 const char *pathname, mode_t mode, SMB_DEV_T dev)
1565 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1567 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1572 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1573 const char *path, char *resolved_path)
1577 result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1579 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1584 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1585 struct sys_notify_context *ctx,
1586 struct notify_entry *e,
1587 void (*callback)(struct sys_notify_context *ctx,
1589 struct notify_event *ev),
1590 void *private_data, void *handle_p)
1594 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1596 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1601 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1602 const char *path, unsigned int flags)
1606 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1608 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1613 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1614 SMB_DEV_T dev, SMB_INO_T inode)
1616 struct file_id id_zero;
1617 struct file_id result;
1619 ZERO_STRUCT(id_zero);
1621 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode);
1623 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1624 !file_id_equal(&id_zero, &result),
1625 handle, "%s", file_id_string_tos(&result));
1630 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1631 struct files_struct *fsp,
1633 TALLOC_CTX *mem_ctx,
1634 unsigned int *pnum_streams,
1635 struct stream_struct **pstreams)
1639 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1640 pnum_streams, pstreams);
1642 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1648 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1651 TALLOC_CTX *mem_ctx,
1656 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1659 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1660 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1665 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1666 uint32 security_info,
1671 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1673 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1674 "%s", fsp->fsp_name);
1679 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1681 uint32 security_info,
1686 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1688 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1694 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1695 uint32 security_info_sent,
1696 const SEC_DESC *psd)
1700 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1702 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1707 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1708 const char *path, mode_t mode)
1712 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1714 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1715 "%s|%o", path, mode);
1720 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1725 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1727 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1728 "%s|%o", fsp->fsp_name, mode);
1733 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1735 SMB_ACL_T theacl, int entry_id,
1736 SMB_ACL_ENTRY_T *entry_p)
1740 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1743 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1749 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1751 SMB_ACL_ENTRY_T entry_d,
1752 SMB_ACL_TAG_T *tag_type_p)
1756 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1759 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1765 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1767 SMB_ACL_ENTRY_T entry_d,
1768 SMB_ACL_PERMSET_T *permset_p)
1772 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1775 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1781 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1783 SMB_ACL_ENTRY_T entry_d)
1787 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1789 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1795 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1797 SMB_ACL_TYPE_T type)
1801 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1803 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1809 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1814 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1816 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1817 "%s", fsp->fsp_name);
1822 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1824 SMB_ACL_PERMSET_T permset)
1828 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1830 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1836 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1838 SMB_ACL_PERMSET_T permset,
1839 SMB_ACL_PERM_T perm)
1843 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1845 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1851 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1857 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1859 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1865 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1871 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1873 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1879 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1881 SMB_ACL_ENTRY_T *pentry)
1885 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1887 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1893 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1895 SMB_ACL_ENTRY_T entry,
1896 SMB_ACL_TAG_T tagtype)
1900 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1903 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1909 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1911 SMB_ACL_ENTRY_T entry,
1916 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1918 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1924 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1926 SMB_ACL_ENTRY_T entry,
1927 SMB_ACL_PERMSET_T permset)
1931 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1933 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1939 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1945 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1947 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1953 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1955 const char *name, SMB_ACL_TYPE_T acltype,
1960 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1963 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1969 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1974 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1976 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1977 "%s", fsp->fsp_name);
1982 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1988 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1990 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1996 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1998 SMB_ACL_PERMSET_T permset,
1999 SMB_ACL_PERM_T perm)
2003 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
2005 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
2011 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
2017 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
2019 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
2025 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
2027 SMB_ACL_T posix_acl)
2031 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
2033 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
2039 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
2041 SMB_ACL_TAG_T tagtype)
2045 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
2048 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
2054 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2056 const char *name, void *value, size_t size)
2060 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
2062 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
2063 "%s|%s", path, name);
2068 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
2069 const char *path, const char *name,
2070 void *value, size_t size)
2074 result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
2076 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
2077 "%s|%s", path, name);
2082 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2083 struct files_struct *fsp,
2084 const char *name, void *value, size_t size)
2088 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2090 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2091 "%s|%s", fsp->fsp_name, name);
2096 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2097 const char *path, char *list, size_t size)
2101 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
2103 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
2108 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
2109 const char *path, char *list, size_t size)
2113 result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
2115 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
2120 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2121 struct files_struct *fsp, char *list,
2126 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2128 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2129 "%s", fsp->fsp_name);
2134 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2140 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2142 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2143 "%s|%s", path, name);
2148 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
2154 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
2156 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
2157 "%s|%s", path, name);
2162 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2163 struct files_struct *fsp,
2168 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2170 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2171 "%s|%s", fsp->fsp_name, name);
2176 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2178 const char *name, const void *value, size_t size,
2183 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2186 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2187 "%s|%s", path, name);
2192 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2194 const char *name, const void *value, size_t size,
2199 result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2202 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2203 "%s|%s", path, name);
2208 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2209 struct files_struct *fsp, const char *name,
2210 const void *value, size_t size, int flags)
2214 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2216 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2217 "%s|%s", fsp->fsp_name, name);
2222 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2226 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2227 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2228 "%s", fsp->fsp_name);
2233 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2237 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2238 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2239 "%s", fsp->fsp_name);
2244 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2248 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2249 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2250 "%s", fsp->fsp_name);
2255 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2259 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, aiocb);
2260 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2261 "%s", fsp->fsp_name);
2266 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2270 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2271 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2272 "%s", fsp->fsp_name);
2277 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2281 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2282 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2283 "%s", fsp->fsp_name);
2288 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2292 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2293 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2294 "%s", fsp->fsp_name);
2300 NTSTATUS vfs_full_audit_init(void);
2301 NTSTATUS vfs_full_audit_init(void)
2303 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2304 "full_audit", audit_op_tuples);
2306 if (!NT_STATUS_IS_OK(ret))
2309 vfs_full_audit_debug_level = debug_add_class("full_audit");
2310 if (vfs_full_audit_debug_level == -1) {
2311 vfs_full_audit_debug_level = DBGC_VFS;
2312 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2315 DEBUG(10, ("vfs_full_audit: Debug class number of "
2316 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / ira / wip.git / blob