2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
62 static int vfs_full_audit_debug_level = DBGC_VFS;
64 struct vfs_full_audit_private_data {
65 struct bitmap *success_ops;
66 struct bitmap *failure_ops;
70 #define DBGC_CLASS vfs_full_audit_debug_level
72 /* Function prototypes */
74 static int smb_full_audit_connect(vfs_handle_struct *handle,
75 const char *svc, const char *user);
76 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
77 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
79 bool small_query, uint64_t *bsize,
80 uint64_t *dfree, uint64_t *dsize);
81 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
82 enum SMB_QUOTA_TYPE qtype, unid_t id,
84 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
85 enum SMB_QUOTA_TYPE qtype, unid_t id,
87 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
88 struct files_struct *fsp,
89 SHADOW_COPY_DATA *shadow_copy_data, bool labels);
90 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
92 struct vfs_statvfs_struct *statbuf);
93 static int smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle);
94 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
95 const char *fname, const char *mask, uint32 attr);
96 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
98 SMB_STRUCT_STAT *sbuf);
99 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
100 SMB_STRUCT_DIR *dirp, long offset);
101 static long smb_full_audit_telldir(vfs_handle_struct *handle,
102 SMB_STRUCT_DIR *dirp);
103 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
104 SMB_STRUCT_DIR *dirp);
105 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
106 const char *path, mode_t mode);
107 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
109 static int smb_full_audit_closedir(vfs_handle_struct *handle,
110 SMB_STRUCT_DIR *dirp);
111 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
112 SMB_STRUCT_DIR *dirp);
113 static int smb_full_audit_open(vfs_handle_struct *handle,
114 const char *fname, files_struct *fsp, int flags, mode_t mode);
115 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
116 struct smb_request *req,
117 uint16_t root_dir_fid,
119 uint32_t create_file_flags,
120 uint32_t access_mask,
121 uint32_t share_access,
122 uint32_t create_disposition,
123 uint32_t create_options,
124 uint32_t file_attributes,
125 uint32_t oplock_request,
126 uint64_t allocation_size,
127 struct security_descriptor *sd,
128 struct ea_list *ea_list,
129 files_struct **result,
131 SMB_STRUCT_STAT *psbuf);
132 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp);
133 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
134 void *data, size_t n);
135 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
136 void *data, size_t n, SMB_OFF_T offset);
137 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
138 const void *data, size_t n);
139 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
140 const void *data, size_t n,
142 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
143 SMB_OFF_T offset, int whence);
144 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
145 files_struct *fromfsp,
146 const DATA_BLOB *hdr, SMB_OFF_T offset,
148 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
152 static int smb_full_audit_rename(vfs_handle_struct *handle,
153 const char *oldname, const char *newname);
154 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp);
155 static int smb_full_audit_stat(vfs_handle_struct *handle,
156 const char *fname, SMB_STRUCT_STAT *sbuf);
157 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
158 SMB_STRUCT_STAT *sbuf);
159 static int smb_full_audit_lstat(vfs_handle_struct *handle,
160 const char *path, SMB_STRUCT_STAT *sbuf);
161 static int smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
162 files_struct *fsp, const SMB_STRUCT_STAT *sbuf);
163 static int smb_full_audit_unlink(vfs_handle_struct *handle,
165 static int smb_full_audit_chmod(vfs_handle_struct *handle,
166 const char *path, mode_t mode);
167 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
169 static int smb_full_audit_chown(vfs_handle_struct *handle,
170 const char *path, uid_t uid, gid_t gid);
171 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
172 uid_t uid, gid_t gid);
173 static int smb_full_audit_lchown(vfs_handle_struct *handle,
174 const char *path, uid_t uid, gid_t gid);
175 static int smb_full_audit_chdir(vfs_handle_struct *handle,
177 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
179 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
180 const char *path, struct smb_file_time *ft);
181 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
183 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
184 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
185 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
186 struct files_struct *fsp,
188 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
190 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
191 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
192 static int smb_full_audit_symlink(vfs_handle_struct *handle,
193 const char *oldpath, const char *newpath);
194 static int smb_full_audit_readlink(vfs_handle_struct *handle,
195 const char *path, char *buf, size_t bufsiz);
196 static int smb_full_audit_link(vfs_handle_struct *handle,
197 const char *oldpath, const char *newpath);
198 static int smb_full_audit_mknod(vfs_handle_struct *handle,
199 const char *pathname, mode_t mode, SMB_DEV_T dev);
200 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
201 const char *path, char *resolved_path);
202 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
203 struct sys_notify_context *ctx,
204 struct notify_entry *e,
205 void (*callback)(struct sys_notify_context *ctx,
207 struct notify_event *ev),
208 void *private_data, void *handle_p);
209 static int smb_full_audit_chflags(vfs_handle_struct *handle,
210 const char *path, unsigned int flags);
211 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
212 const SMB_STRUCT_STAT *sbuf);
213 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
214 struct files_struct *fsp,
217 unsigned int *pnum_streams,
218 struct stream_struct **pstreams);
219 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
224 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
225 struct byte_range_lock *br_lck,
226 struct lock_struct *plock,
228 struct blocking_lock_record *blr);
229 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
230 struct messaging_context *msg_ctx,
231 struct byte_range_lock *br_lck,
232 const struct lock_struct *plock);
233 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
234 struct byte_range_lock *br_lck,
235 struct lock_struct *plock,
236 struct blocking_lock_record *blr);
237 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
238 uint32 security_info,
240 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
241 const char *name, uint32 security_info,
243 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
244 uint32 security_info_sent,
245 const SEC_DESC *psd);
246 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
247 const char *path, mode_t mode);
248 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
250 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
251 SMB_ACL_T theacl, int entry_id,
252 SMB_ACL_ENTRY_T *entry_p);
253 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
254 SMB_ACL_ENTRY_T entry_d,
255 SMB_ACL_TAG_T *tag_type_p);
256 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
257 SMB_ACL_ENTRY_T entry_d,
258 SMB_ACL_PERMSET_T *permset_p);
259 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
260 SMB_ACL_ENTRY_T entry_d);
261 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
263 SMB_ACL_TYPE_T type);
264 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
266 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
267 SMB_ACL_PERMSET_T permset);
268 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
269 SMB_ACL_PERMSET_T permset,
270 SMB_ACL_PERM_T perm);
271 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
274 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
276 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
278 SMB_ACL_ENTRY_T *pentry);
279 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
280 SMB_ACL_ENTRY_T entry,
281 SMB_ACL_TAG_T tagtype);
282 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
283 SMB_ACL_ENTRY_T entry,
285 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
286 SMB_ACL_ENTRY_T entry,
287 SMB_ACL_PERMSET_T permset);
288 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
290 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
291 const char *name, SMB_ACL_TYPE_T acltype,
293 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
295 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
297 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
298 SMB_ACL_PERMSET_T permset,
299 SMB_ACL_PERM_T perm);
300 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
302 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
303 SMB_ACL_T posix_acl);
304 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
306 SMB_ACL_TAG_T tagtype);
307 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
309 const char *name, void *value, size_t size);
310 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
311 const char *path, const char *name,
312 void *value, size_t size);
313 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
314 struct files_struct *fsp,
315 const char *name, void *value, size_t size);
316 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
317 const char *path, char *list, size_t size);
318 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
319 const char *path, char *list, size_t size);
320 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
321 struct files_struct *fsp, char *list,
323 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
326 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
329 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
330 struct files_struct *fsp,
332 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
334 const char *name, const void *value, size_t size,
336 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
338 const char *name, const void *value, size_t size,
340 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
341 struct files_struct *fsp, const char *name,
342 const void *value, size_t size, int flags);
344 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
345 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
346 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
347 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
348 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
349 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
350 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
351 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
352 struct files_struct *fsp);
356 static vfs_op_tuple audit_op_tuples[] = {
358 /* Disk operations */
360 {SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
361 SMB_VFS_LAYER_LOGGER},
362 {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
363 SMB_VFS_LAYER_LOGGER},
364 {SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
365 SMB_VFS_LAYER_LOGGER},
366 {SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
367 SMB_VFS_LAYER_LOGGER},
368 {SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
369 SMB_VFS_LAYER_LOGGER},
370 {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
371 SMB_VFS_LAYER_LOGGER},
372 {SMB_VFS_OP(smb_full_audit_statvfs), SMB_VFS_OP_STATVFS,
373 SMB_VFS_LAYER_LOGGER},
374 {SMB_VFS_OP(smb_full_audit_fs_capabilities), SMB_VFS_OP_FS_CAPABILITIES,
375 SMB_VFS_LAYER_LOGGER},
377 /* Directory operations */
379 {SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
380 SMB_VFS_LAYER_LOGGER},
381 {SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
382 SMB_VFS_LAYER_LOGGER},
383 {SMB_VFS_OP(smb_full_audit_seekdir), SMB_VFS_OP_SEEKDIR,
384 SMB_VFS_LAYER_LOGGER},
385 {SMB_VFS_OP(smb_full_audit_telldir), SMB_VFS_OP_TELLDIR,
386 SMB_VFS_LAYER_LOGGER},
387 {SMB_VFS_OP(smb_full_audit_rewinddir), SMB_VFS_OP_REWINDDIR,
388 SMB_VFS_LAYER_LOGGER},
389 {SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
390 SMB_VFS_LAYER_LOGGER},
391 {SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
392 SMB_VFS_LAYER_LOGGER},
393 {SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
394 SMB_VFS_LAYER_LOGGER},
395 {SMB_VFS_OP(smb_full_audit_init_search_op), SMB_VFS_OP_INIT_SEARCH_OP,
396 SMB_VFS_LAYER_LOGGER},
398 /* File operations */
400 {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
401 SMB_VFS_LAYER_LOGGER},
402 {SMB_VFS_OP(smb_full_audit_create_file),SMB_VFS_OP_CREATE_FILE,
403 SMB_VFS_LAYER_LOGGER},
404 {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
405 SMB_VFS_LAYER_LOGGER},
406 {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
407 SMB_VFS_LAYER_LOGGER},
408 {SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
409 SMB_VFS_LAYER_LOGGER},
410 {SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
411 SMB_VFS_LAYER_LOGGER},
412 {SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
413 SMB_VFS_LAYER_LOGGER},
414 {SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
415 SMB_VFS_LAYER_LOGGER},
416 {SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE,
417 SMB_VFS_LAYER_LOGGER},
418 {SMB_VFS_OP(smb_full_audit_recvfile), SMB_VFS_OP_RECVFILE,
419 SMB_VFS_LAYER_LOGGER},
420 {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME,
421 SMB_VFS_LAYER_LOGGER},
422 {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC,
423 SMB_VFS_LAYER_LOGGER},
424 {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT,
425 SMB_VFS_LAYER_LOGGER},
426 {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT,
427 SMB_VFS_LAYER_LOGGER},
428 {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT,
429 SMB_VFS_LAYER_LOGGER},
430 {SMB_VFS_OP(smb_full_audit_get_alloc_size), SMB_VFS_OP_GET_ALLOC_SIZE,
431 SMB_VFS_LAYER_LOGGER},
432 {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK,
433 SMB_VFS_LAYER_LOGGER},
434 {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD,
435 SMB_VFS_LAYER_LOGGER},
436 {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD,
437 SMB_VFS_LAYER_LOGGER},
438 {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN,
439 SMB_VFS_LAYER_LOGGER},
440 {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN,
441 SMB_VFS_LAYER_LOGGER},
442 {SMB_VFS_OP(smb_full_audit_lchown), SMB_VFS_OP_LCHOWN,
443 SMB_VFS_LAYER_LOGGER},
444 {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR,
445 SMB_VFS_LAYER_LOGGER},
446 {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD,
447 SMB_VFS_LAYER_LOGGER},
448 {SMB_VFS_OP(smb_full_audit_ntimes), SMB_VFS_OP_NTIMES,
449 SMB_VFS_LAYER_LOGGER},
450 {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
451 SMB_VFS_LAYER_LOGGER},
452 {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK,
453 SMB_VFS_LAYER_LOGGER},
454 {SMB_VFS_OP(smb_full_audit_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK,
455 SMB_VFS_LAYER_LOGGER},
456 {SMB_VFS_OP(smb_full_audit_linux_setlease), SMB_VFS_OP_LINUX_SETLEASE,
457 SMB_VFS_LAYER_LOGGER},
458 {SMB_VFS_OP(smb_full_audit_getlock), SMB_VFS_OP_GETLOCK,
459 SMB_VFS_LAYER_LOGGER},
460 {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK,
461 SMB_VFS_LAYER_LOGGER},
462 {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK,
463 SMB_VFS_LAYER_LOGGER},
464 {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK,
465 SMB_VFS_LAYER_LOGGER},
466 {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD,
467 SMB_VFS_LAYER_LOGGER},
468 {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH,
469 SMB_VFS_LAYER_LOGGER},
470 {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
471 SMB_VFS_LAYER_LOGGER},
472 {SMB_VFS_OP(smb_full_audit_chflags), SMB_VFS_OP_CHFLAGS,
473 SMB_VFS_LAYER_LOGGER},
474 {SMB_VFS_OP(smb_full_audit_file_id_create), SMB_VFS_OP_FILE_ID_CREATE,
475 SMB_VFS_LAYER_LOGGER},
476 {SMB_VFS_OP(smb_full_audit_streaminfo), SMB_VFS_OP_STREAMINFO,
477 SMB_VFS_LAYER_LOGGER},
478 {SMB_VFS_OP(smb_full_audit_get_real_filename), SMB_VFS_OP_GET_REAL_FILENAME,
479 SMB_VFS_LAYER_LOGGER},
480 {SMB_VFS_OP(smb_full_audit_brl_lock_windows), SMB_VFS_OP_BRL_LOCK_WINDOWS,
481 SMB_VFS_LAYER_LOGGER},
482 {SMB_VFS_OP(smb_full_audit_brl_unlock_windows), SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
483 SMB_VFS_LAYER_LOGGER},
484 {SMB_VFS_OP(smb_full_audit_brl_cancel_windows), SMB_VFS_OP_BRL_CANCEL_WINDOWS,
485 SMB_VFS_LAYER_LOGGER},
487 /* NT ACL operations. */
489 {SMB_VFS_OP(smb_full_audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
490 SMB_VFS_LAYER_LOGGER},
491 {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
492 SMB_VFS_LAYER_LOGGER},
493 {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
494 SMB_VFS_LAYER_LOGGER},
496 /* POSIX ACL operations. */
498 {SMB_VFS_OP(smb_full_audit_chmod_acl), SMB_VFS_OP_CHMOD_ACL,
499 SMB_VFS_LAYER_LOGGER},
500 {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
501 SMB_VFS_LAYER_LOGGER},
502 {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
503 SMB_VFS_LAYER_LOGGER},
504 {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
505 SMB_VFS_LAYER_LOGGER},
506 {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
507 SMB_VFS_LAYER_LOGGER},
508 {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
509 SMB_VFS_LAYER_LOGGER},
510 {SMB_VFS_OP(smb_full_audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
511 SMB_VFS_LAYER_LOGGER},
512 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
513 SMB_VFS_LAYER_LOGGER},
514 {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
515 SMB_VFS_LAYER_LOGGER},
516 {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
517 SMB_VFS_LAYER_LOGGER},
518 {SMB_VFS_OP(smb_full_audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
519 SMB_VFS_LAYER_LOGGER},
520 {SMB_VFS_OP(smb_full_audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
521 SMB_VFS_LAYER_LOGGER},
522 {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
523 SMB_VFS_LAYER_LOGGER},
524 {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
525 SMB_VFS_LAYER_LOGGER},
526 {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
527 SMB_VFS_LAYER_LOGGER},
528 {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
529 SMB_VFS_LAYER_LOGGER},
530 {SMB_VFS_OP(smb_full_audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
531 SMB_VFS_LAYER_LOGGER},
532 {SMB_VFS_OP(smb_full_audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
533 SMB_VFS_LAYER_LOGGER},
534 {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
535 SMB_VFS_LAYER_LOGGER},
536 {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
537 SMB_VFS_LAYER_LOGGER},
538 {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
539 SMB_VFS_LAYER_LOGGER},
540 {SMB_VFS_OP(smb_full_audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
541 SMB_VFS_LAYER_LOGGER},
542 {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
543 SMB_VFS_LAYER_LOGGER},
544 {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
545 SMB_VFS_LAYER_LOGGER},
549 {SMB_VFS_OP(smb_full_audit_getxattr), SMB_VFS_OP_GETXATTR,
550 SMB_VFS_LAYER_LOGGER},
551 {SMB_VFS_OP(smb_full_audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
552 SMB_VFS_LAYER_LOGGER},
553 {SMB_VFS_OP(smb_full_audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
554 SMB_VFS_LAYER_LOGGER},
555 {SMB_VFS_OP(smb_full_audit_listxattr), SMB_VFS_OP_LISTXATTR,
556 SMB_VFS_LAYER_LOGGER},
557 {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
558 SMB_VFS_LAYER_LOGGER},
559 {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
560 SMB_VFS_LAYER_LOGGER},
561 {SMB_VFS_OP(smb_full_audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
562 SMB_VFS_LAYER_LOGGER},
563 {SMB_VFS_OP(smb_full_audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
564 SMB_VFS_LAYER_LOGGER},
565 {SMB_VFS_OP(smb_full_audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
566 SMB_VFS_LAYER_LOGGER},
567 {SMB_VFS_OP(smb_full_audit_setxattr), SMB_VFS_OP_SETXATTR,
568 SMB_VFS_LAYER_LOGGER},
569 {SMB_VFS_OP(smb_full_audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
570 SMB_VFS_LAYER_LOGGER},
571 {SMB_VFS_OP(smb_full_audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
572 SMB_VFS_LAYER_LOGGER},
574 {SMB_VFS_OP(smb_full_audit_aio_read), SMB_VFS_OP_AIO_READ,
575 SMB_VFS_LAYER_LOGGER},
576 {SMB_VFS_OP(smb_full_audit_aio_write), SMB_VFS_OP_AIO_WRITE,
577 SMB_VFS_LAYER_LOGGER},
578 {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
579 SMB_VFS_LAYER_LOGGER},
580 {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
581 SMB_VFS_LAYER_LOGGER},
582 {SMB_VFS_OP(smb_full_audit_aio_error), SMB_VFS_OP_AIO_ERROR,
583 SMB_VFS_LAYER_LOGGER},
584 {SMB_VFS_OP(smb_full_audit_aio_fsync), SMB_VFS_OP_AIO_FSYNC,
585 SMB_VFS_LAYER_LOGGER},
586 {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
587 SMB_VFS_LAYER_LOGGER},
588 {SMB_VFS_OP(smb_full_audit_aio_force),SMB_VFS_OP_AIO_FORCE,
589 SMB_VFS_LAYER_LOGGER},
591 /* Finish VFS operations definition */
593 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
597 /* The following array *must* be in the same order as defined in vfs.h */
603 { SMB_VFS_OP_CONNECT, "connect" },
604 { SMB_VFS_OP_DISCONNECT, "disconnect" },
605 { SMB_VFS_OP_DISK_FREE, "disk_free" },
606 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
607 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
608 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
609 { SMB_VFS_OP_STATVFS, "statvfs" },
610 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
611 { SMB_VFS_OP_OPENDIR, "opendir" },
612 { SMB_VFS_OP_READDIR, "readdir" },
613 { SMB_VFS_OP_SEEKDIR, "seekdir" },
614 { SMB_VFS_OP_TELLDIR, "telldir" },
615 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
616 { SMB_VFS_OP_MKDIR, "mkdir" },
617 { SMB_VFS_OP_RMDIR, "rmdir" },
618 { SMB_VFS_OP_CLOSEDIR, "closedir" },
619 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
620 { SMB_VFS_OP_OPEN, "open" },
621 { SMB_VFS_OP_CREATE_FILE, "create_file" },
622 { SMB_VFS_OP_CLOSE, "close" },
623 { SMB_VFS_OP_READ, "read" },
624 { SMB_VFS_OP_PREAD, "pread" },
625 { SMB_VFS_OP_WRITE, "write" },
626 { SMB_VFS_OP_PWRITE, "pwrite" },
627 { SMB_VFS_OP_LSEEK, "lseek" },
628 { SMB_VFS_OP_SENDFILE, "sendfile" },
629 { SMB_VFS_OP_RECVFILE, "recvfile" },
630 { SMB_VFS_OP_RENAME, "rename" },
631 { SMB_VFS_OP_FSYNC, "fsync" },
632 { SMB_VFS_OP_STAT, "stat" },
633 { SMB_VFS_OP_FSTAT, "fstat" },
634 { SMB_VFS_OP_LSTAT, "lstat" },
635 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
636 { SMB_VFS_OP_UNLINK, "unlink" },
637 { SMB_VFS_OP_CHMOD, "chmod" },
638 { SMB_VFS_OP_FCHMOD, "fchmod" },
639 { SMB_VFS_OP_CHOWN, "chown" },
640 { SMB_VFS_OP_FCHOWN, "fchown" },
641 { SMB_VFS_OP_LCHOWN, "lchown" },
642 { SMB_VFS_OP_CHDIR, "chdir" },
643 { SMB_VFS_OP_GETWD, "getwd" },
644 { SMB_VFS_OP_NTIMES, "ntimes" },
645 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
646 { SMB_VFS_OP_LOCK, "lock" },
647 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
648 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
649 { SMB_VFS_OP_GETLOCK, "getlock" },
650 { SMB_VFS_OP_SYMLINK, "symlink" },
651 { SMB_VFS_OP_READLINK, "readlink" },
652 { SMB_VFS_OP_LINK, "link" },
653 { SMB_VFS_OP_MKNOD, "mknod" },
654 { SMB_VFS_OP_REALPATH, "realpath" },
655 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
656 { SMB_VFS_OP_CHFLAGS, "chflags" },
657 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
658 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
659 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
660 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
661 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
662 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
663 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
664 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
665 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
666 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
667 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
668 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
669 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
670 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
671 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
672 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
673 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
674 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
675 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
676 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
677 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
678 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
679 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
680 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
681 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
682 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
683 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
684 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
685 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
686 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
687 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
688 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
689 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
690 { SMB_VFS_OP_GETXATTR, "getxattr" },
691 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
692 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
693 { SMB_VFS_OP_LISTXATTR, "listxattr" },
694 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
695 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
696 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
697 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
698 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
699 { SMB_VFS_OP_SETXATTR, "setxattr" },
700 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
701 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
702 { SMB_VFS_OP_AIO_READ, "aio_read" },
703 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
704 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
705 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
706 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
707 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
708 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
709 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
710 { SMB_VFS_OP_IS_OFFLINE, "aio_is_offline" },
711 { SMB_VFS_OP_SET_OFFLINE, "aio_set_offline" },
712 { SMB_VFS_OP_LAST, NULL }
715 static int audit_syslog_facility(vfs_handle_struct *handle)
717 static const struct enum_list enum_log_facilities[] = {
718 { LOG_USER, "USER" },
719 { LOG_LOCAL0, "LOCAL0" },
720 { LOG_LOCAL1, "LOCAL1" },
721 { LOG_LOCAL2, "LOCAL2" },
722 { LOG_LOCAL3, "LOCAL3" },
723 { LOG_LOCAL4, "LOCAL4" },
724 { LOG_LOCAL5, "LOCAL5" },
725 { LOG_LOCAL6, "LOCAL6" },
726 { LOG_LOCAL7, "LOCAL7" }
731 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
736 static int audit_syslog_priority(vfs_handle_struct *handle)
738 static const struct enum_list enum_log_priorities[] = {
739 { LOG_EMERG, "EMERG" },
740 { LOG_ALERT, "ALERT" },
741 { LOG_CRIT, "CRIT" },
743 { LOG_WARNING, "WARNING" },
744 { LOG_NOTICE, "NOTICE" },
745 { LOG_INFO, "INFO" },
746 { LOG_DEBUG, "DEBUG" }
751 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
752 enum_log_priorities, LOG_NOTICE);
753 if (priority == -1) {
754 priority = LOG_WARNING;
760 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
765 prefix = talloc_strdup(ctx,
766 lp_parm_const_string(SNUM(conn), "full_audit",
771 result = talloc_sub_advanced(ctx,
772 lp_servicename(SNUM(conn)),
773 conn->server_info->unix_name,
775 conn->server_info->utok.gid,
776 conn->server_info->sanitized_username,
777 pdb_get_domain(conn->server_info->sam_account),
783 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
785 struct vfs_full_audit_private_data *pd = NULL;
787 SMB_VFS_HANDLE_GET_DATA(handle, pd,
788 struct vfs_full_audit_private_data,
791 if (pd->success_ops == NULL) {
795 return bitmap_query(pd->success_ops, op);
798 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
800 struct vfs_full_audit_private_data *pd = NULL;
802 SMB_VFS_HANDLE_GET_DATA(handle, pd,
803 struct vfs_full_audit_private_data,
806 if (pd->failure_ops == NULL)
809 return bitmap_query(pd->failure_ops, op);
812 static void init_bitmap(struct bitmap **bm, const char **ops)
814 bool log_all = False;
819 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
822 DEBUG(0, ("Could not alloc bitmap -- "
823 "defaulting to logging everything\n"));
827 while (*ops != NULL) {
831 if (strequal(*ops, "all")) {
836 if (strequal(*ops, "none")) {
840 for (i=0; i<SMB_VFS_OP_LAST; i++) {
841 if (vfs_op_names[i].name == NULL) {
842 smb_panic("vfs_full_audit.c: name table not "
843 "in sync with vfs.h\n");
846 if (strequal(*ops, vfs_op_names[i].name)) {
852 DEBUG(0, ("Could not find opname %s, logging all\n",
861 /* The query functions default to True */
867 static const char *audit_opname(vfs_op_type op)
869 if (op >= SMB_VFS_OP_LAST)
870 return "INVALID VFS OP";
871 return vfs_op_names[op].name;
874 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
875 const char *format, ...)
878 char *audit_pre = NULL;
882 if (success && (!log_success(handle, op)))
885 if (!success && (!log_failure(handle, op)))
889 fstrcpy(err_msg, "ok");
891 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
893 va_start(ap, format);
894 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
901 audit_pre = audit_prefix(talloc_tos(), handle->conn);
902 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
903 audit_pre ? audit_pre : "",
904 audit_opname(op), err_msg, op_msg);
906 TALLOC_FREE(audit_pre);
912 /* Free function for the private data. */
914 static void free_private_data(void **p_data)
916 struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
918 if (pd->success_ops) {
919 bitmap_free(pd->success_ops);
921 if (pd->failure_ops) {
922 bitmap_free(pd->failure_ops);
928 /* Implementation of vfs_ops. Pass everything on to the default
929 operation but log event first. */
931 static int smb_full_audit_connect(vfs_handle_struct *handle,
932 const char *svc, const char *user)
935 struct vfs_full_audit_private_data *pd = NULL;
936 const char *none[] = { NULL };
937 const char *all [] = { "all" };
943 pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
949 openlog("smbd_audit", 0, audit_syslog_facility(handle));
951 init_bitmap(&pd->success_ops,
952 lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
954 init_bitmap(&pd->failure_ops,
955 lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
958 /* Store the private data. */
959 SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
960 struct vfs_full_audit_private_data, return -1);
962 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
964 do_log(SMB_VFS_OP_CONNECT, True, handle,
970 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
972 SMB_VFS_NEXT_DISCONNECT(handle);
974 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
975 "%s", lp_servicename(SNUM(handle->conn)));
977 /* The bitmaps will be disconnected when the private
983 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
985 bool small_query, uint64_t *bsize,
986 uint64_t *dfree, uint64_t *dsize)
990 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
993 /* Don't have a reasonable notion of failure here */
995 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
1000 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
1001 enum SMB_QUOTA_TYPE qtype, unid_t id,
1006 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
1008 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
1014 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
1015 enum SMB_QUOTA_TYPE qtype, unid_t id,
1020 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
1022 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
1027 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
1028 struct files_struct *fsp,
1029 SHADOW_COPY_DATA *shadow_copy_data, bool labels)
1033 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
1035 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
1040 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
1042 struct vfs_statvfs_struct *statbuf)
1046 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
1048 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
1053 static int smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle)
1057 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle);
1059 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
1064 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
1065 const char *fname, const char *mask, uint32 attr)
1067 SMB_STRUCT_DIR *result;
1069 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
1071 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
1076 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
1077 SMB_STRUCT_DIR *dirp, SMB_STRUCT_STAT *sbuf)
1079 SMB_STRUCT_DIRENT *result;
1081 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
1083 /* This operation has no reasonable error condition
1084 * (End of dir is also failure), so always succeed.
1086 do_log(SMB_VFS_OP_READDIR, True, handle, "");
1091 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
1092 SMB_STRUCT_DIR *dirp, long offset)
1094 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
1096 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
1100 static long smb_full_audit_telldir(vfs_handle_struct *handle,
1101 SMB_STRUCT_DIR *dirp)
1105 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
1107 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1112 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1113 SMB_STRUCT_DIR *dirp)
1115 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1117 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1121 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1122 const char *path, mode_t mode)
1126 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1128 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1133 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1138 result = SMB_VFS_NEXT_RMDIR(handle, path);
1140 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1145 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1146 SMB_STRUCT_DIR *dirp)
1150 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1152 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1157 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
1158 SMB_STRUCT_DIR *dirp)
1160 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
1162 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
1166 static int smb_full_audit_open(vfs_handle_struct *handle,
1167 const char *fname, files_struct *fsp, int flags, mode_t mode)
1171 result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1173 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1174 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1180 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
1181 struct smb_request *req,
1182 uint16_t root_dir_fid,
1184 uint32_t create_file_flags,
1185 uint32_t access_mask,
1186 uint32_t share_access,
1187 uint32_t create_disposition,
1188 uint32_t create_options,
1189 uint32_t file_attributes,
1190 uint32_t oplock_request,
1191 uint64_t allocation_size,
1192 struct security_descriptor *sd,
1193 struct ea_list *ea_list,
1194 files_struct **result_fsp,
1196 SMB_STRUCT_STAT *psbuf)
1200 result = SMB_VFS_NEXT_CREATE_FILE(
1201 handle, /* handle */
1203 root_dir_fid, /* root_dir_fid */
1205 create_file_flags, /* create_file_flags */
1206 access_mask, /* access_mask */
1207 share_access, /* share_access */
1208 create_disposition, /* create_disposition*/
1209 create_options, /* create_options */
1210 file_attributes, /* file_attributes */
1211 oplock_request, /* oplock_request */
1212 allocation_size, /* allocation_size */
1214 ea_list, /* ea_list */
1215 result_fsp, /* result */
1219 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s",
1220 access_mask, fname);
1225 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1229 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1231 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1236 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1237 void *data, size_t n)
1241 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
1243 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1248 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1249 void *data, size_t n, SMB_OFF_T offset)
1253 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1255 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1260 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1261 const void *data, size_t n)
1265 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1267 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1272 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1273 const void *data, size_t n,
1278 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1280 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1285 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1286 SMB_OFF_T offset, int whence)
1290 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1292 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1293 "%s", fsp->fsp_name);
1298 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1299 files_struct *fromfsp,
1300 const DATA_BLOB *hdr, SMB_OFF_T offset,
1305 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1307 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1308 "%s", fromfsp->fsp_name);
1313 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1314 files_struct *tofsp,
1320 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1322 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1323 "%s", tofsp->fsp_name);
1328 static int smb_full_audit_rename(vfs_handle_struct *handle,
1329 const char *oldname, const char *newname)
1333 result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1335 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1340 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1344 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1346 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1351 static int smb_full_audit_stat(vfs_handle_struct *handle,
1352 const char *fname, SMB_STRUCT_STAT *sbuf)
1356 result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1358 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1363 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1364 SMB_STRUCT_STAT *sbuf)
1368 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1370 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1375 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1376 const char *path, SMB_STRUCT_STAT *sbuf)
1380 result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1382 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1387 static int smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1388 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1392 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1394 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result >= 0), handle, "%d", result);
1399 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1404 result = SMB_VFS_NEXT_UNLINK(handle, path);
1406 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1411 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1412 const char *path, mode_t mode)
1416 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1418 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1423 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1428 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1430 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1431 "%s|%o", fsp->fsp_name, mode);
1436 static int smb_full_audit_chown(vfs_handle_struct *handle,
1437 const char *path, uid_t uid, gid_t gid)
1441 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1443 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1444 path, (long int)uid, (long int)gid);
1449 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1450 uid_t uid, gid_t gid)
1454 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1456 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1457 fsp->fsp_name, (long int)uid, (long int)gid);
1462 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1463 const char *path, uid_t uid, gid_t gid)
1467 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1469 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1470 path, (long int)uid, (long int)gid);
1475 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1480 result = SMB_VFS_NEXT_CHDIR(handle, path);
1482 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1487 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1492 result = SMB_VFS_NEXT_GETWD(handle, path);
1494 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1499 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1500 const char *path, struct smb_file_time *ft)
1504 result = SMB_VFS_NEXT_NTIMES(handle, path, ft);
1506 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1511 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1516 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1518 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1519 "%s", fsp->fsp_name);
1524 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1525 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1529 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1531 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp->fsp_name);
1536 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1537 struct files_struct *fsp,
1542 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode);
1544 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1550 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1555 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1557 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1563 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1564 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1568 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1570 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp->fsp_name);
1575 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1576 const char *oldpath, const char *newpath)
1580 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1582 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1583 "%s|%s", oldpath, newpath);
1588 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1589 const char *path, char *buf, size_t bufsiz)
1593 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1595 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1600 static int smb_full_audit_link(vfs_handle_struct *handle,
1601 const char *oldpath, const char *newpath)
1605 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1607 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1608 "%s|%s", oldpath, newpath);
1613 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1614 const char *pathname, mode_t mode, SMB_DEV_T dev)
1618 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1620 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1625 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1626 const char *path, char *resolved_path)
1630 result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1632 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1637 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1638 struct sys_notify_context *ctx,
1639 struct notify_entry *e,
1640 void (*callback)(struct sys_notify_context *ctx,
1642 struct notify_event *ev),
1643 void *private_data, void *handle_p)
1647 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1649 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1654 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1655 const char *path, unsigned int flags)
1659 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1661 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1666 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1667 const SMB_STRUCT_STAT *sbuf)
1669 struct file_id id_zero;
1670 struct file_id result;
1672 ZERO_STRUCT(id_zero);
1674 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1676 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1677 !file_id_equal(&id_zero, &result),
1678 handle, "%s", file_id_string_tos(&result));
1683 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1684 struct files_struct *fsp,
1686 TALLOC_CTX *mem_ctx,
1687 unsigned int *pnum_streams,
1688 struct stream_struct **pstreams)
1692 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1693 pnum_streams, pstreams);
1695 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1701 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1704 TALLOC_CTX *mem_ctx,
1709 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1712 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1713 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1718 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1719 struct byte_range_lock *br_lck,
1720 struct lock_struct *plock,
1722 struct blocking_lock_record *blr)
1726 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1727 blocking_lock, blr);
1729 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1730 "%s:%llu-%llu. type=%d. blocking=%d", br_lck->fsp->fsp_name,
1731 plock->start, plock->size, plock->lock_type, blocking_lock );
1736 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1737 struct messaging_context *msg_ctx,
1738 struct byte_range_lock *br_lck,
1739 const struct lock_struct *plock)
1743 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1746 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1747 "%s:%llu-%llu:%d", br_lck->fsp->fsp_name, plock->start,
1748 plock->size, plock->lock_type);
1753 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1754 struct byte_range_lock *br_lck,
1755 struct lock_struct *plock,
1756 struct blocking_lock_record *blr)
1760 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock, blr);
1762 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1763 "%s:%llu-%llu:%d", br_lck->fsp->fsp_name, plock->start,
1769 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1770 uint32 security_info,
1775 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1777 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1778 "%s", fsp->fsp_name);
1783 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1785 uint32 security_info,
1790 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1792 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1798 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1799 uint32 security_info_sent,
1800 const SEC_DESC *psd)
1804 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1806 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1811 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1812 const char *path, mode_t mode)
1816 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1818 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1819 "%s|%o", path, mode);
1824 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1829 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1831 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1832 "%s|%o", fsp->fsp_name, mode);
1837 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1839 SMB_ACL_T theacl, int entry_id,
1840 SMB_ACL_ENTRY_T *entry_p)
1844 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1847 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1853 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1855 SMB_ACL_ENTRY_T entry_d,
1856 SMB_ACL_TAG_T *tag_type_p)
1860 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1863 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1869 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1871 SMB_ACL_ENTRY_T entry_d,
1872 SMB_ACL_PERMSET_T *permset_p)
1876 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1879 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1885 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1887 SMB_ACL_ENTRY_T entry_d)
1891 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1893 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1899 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1901 SMB_ACL_TYPE_T type)
1905 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1907 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1913 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1918 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1920 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1921 "%s", fsp->fsp_name);
1926 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1928 SMB_ACL_PERMSET_T permset)
1932 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1934 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1940 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1942 SMB_ACL_PERMSET_T permset,
1943 SMB_ACL_PERM_T perm)
1947 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1949 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1955 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1961 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1963 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1969 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1975 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1977 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1983 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1985 SMB_ACL_ENTRY_T *pentry)
1989 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1991 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1997 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1999 SMB_ACL_ENTRY_T entry,
2000 SMB_ACL_TAG_T tagtype)
2004 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
2007 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
2013 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
2015 SMB_ACL_ENTRY_T entry,
2020 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
2022 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
2028 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
2030 SMB_ACL_ENTRY_T entry,
2031 SMB_ACL_PERMSET_T permset)
2035 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
2037 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
2043 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
2049 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
2051 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
2057 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
2059 const char *name, SMB_ACL_TYPE_T acltype,
2064 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
2067 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
2073 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
2078 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
2080 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
2081 "%s", fsp->fsp_name);
2086 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
2092 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
2094 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
2100 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
2102 SMB_ACL_PERMSET_T permset,
2103 SMB_ACL_PERM_T perm)
2107 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
2109 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
2115 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
2121 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
2123 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
2129 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
2131 SMB_ACL_T posix_acl)
2135 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
2137 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
2143 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
2145 SMB_ACL_TAG_T tagtype)
2149 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
2152 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
2158 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2160 const char *name, void *value, size_t size)
2164 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
2166 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
2167 "%s|%s", path, name);
2172 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
2173 const char *path, const char *name,
2174 void *value, size_t size)
2178 result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
2180 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
2181 "%s|%s", path, name);
2186 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2187 struct files_struct *fsp,
2188 const char *name, void *value, size_t size)
2192 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2194 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2195 "%s|%s", fsp->fsp_name, name);
2200 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2201 const char *path, char *list, size_t size)
2205 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
2207 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
2212 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
2213 const char *path, char *list, size_t size)
2217 result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
2219 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
2224 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2225 struct files_struct *fsp, char *list,
2230 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2232 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2233 "%s", fsp->fsp_name);
2238 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2244 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2246 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2247 "%s|%s", path, name);
2252 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
2258 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
2260 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
2261 "%s|%s", path, name);
2266 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2267 struct files_struct *fsp,
2272 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2274 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2275 "%s|%s", fsp->fsp_name, name);
2280 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2282 const char *name, const void *value, size_t size,
2287 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2290 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2291 "%s|%s", path, name);
2296 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2298 const char *name, const void *value, size_t size,
2303 result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2306 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2307 "%s|%s", path, name);
2312 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2313 struct files_struct *fsp, const char *name,
2314 const void *value, size_t size, int flags)
2318 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2320 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2321 "%s|%s", fsp->fsp_name, name);
2326 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2330 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2331 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2332 "%s", fsp->fsp_name);
2337 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2341 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2342 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2343 "%s", fsp->fsp_name);
2348 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2352 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2353 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2354 "%s", fsp->fsp_name);
2359 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2363 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, aiocb);
2364 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2365 "%s", fsp->fsp_name);
2370 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2374 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2375 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2376 "%s", fsp->fsp_name);
2381 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2385 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2386 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2387 "%s", fsp->fsp_name);
2392 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2396 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2397 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2398 "%s", fsp->fsp_name);
2403 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2404 struct files_struct *fsp)
2408 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2409 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2410 "%s", fsp->fsp_name);
2415 NTSTATUS vfs_full_audit_init(void);
2416 NTSTATUS vfs_full_audit_init(void)
2418 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2419 "full_audit", audit_op_tuples);
2421 if (!NT_STATUS_IS_OK(ret))
2424 vfs_full_audit_debug_level = debug_add_class("full_audit");
2425 if (vfs_full_audit_debug_level == -1) {
2426 vfs_full_audit_debug_level = DBGC_VFS;
2427 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2430 DEBUG(10, ("vfs_full_audit: Debug class number of "
2431 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / kai / samba.git / blob