2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
61 #include "system/filesys.h"
62 #include "system/syslog.h"
63 #include "smbd/smbd.h"
64 #include "../librpc/gen_ndr/ndr_netlogon.h"
67 #include "lib/param/loadparm.h"
68 #include "lib/util/bitmap.h"
69 #include "lib/util/tevent_unix.h"
70 #include "libcli/security/sddl.h"
71 #include "passdb/machine_sid.h"
73 static int vfs_full_audit_debug_level = DBGC_VFS;
75 struct vfs_full_audit_private_data {
76 struct bitmap *success_ops;
77 struct bitmap *failure_ops;
85 #define DBGC_CLASS vfs_full_audit_debug_level
87 typedef enum _vfs_op_type {
92 SMB_VFS_OP_CONNECT = 0,
93 SMB_VFS_OP_DISCONNECT,
97 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
99 SMB_VFS_OP_FS_CAPABILITIES,
100 SMB_VFS_OP_GET_DFS_REFERRALS,
102 /* Directory operations */
105 SMB_VFS_OP_FDOPENDIR,
109 SMB_VFS_OP_REWINDDIR,
113 SMB_VFS_OP_INIT_SEARCH_OP,
115 /* File operations */
118 SMB_VFS_OP_CREATE_FILE,
122 SMB_VFS_OP_PREAD_SEND,
123 SMB_VFS_OP_PREAD_RECV,
126 SMB_VFS_OP_PWRITE_SEND,
127 SMB_VFS_OP_PWRITE_RECV,
133 SMB_VFS_OP_FSYNC_SEND,
134 SMB_VFS_OP_FSYNC_RECV,
138 SMB_VFS_OP_GET_ALLOC_SIZE,
148 SMB_VFS_OP_FTRUNCATE,
149 SMB_VFS_OP_FALLOCATE,
151 SMB_VFS_OP_KERNEL_FLOCK,
152 SMB_VFS_OP_LINUX_SETLEASE,
160 SMB_VFS_OP_FILE_ID_CREATE,
161 SMB_VFS_OP_STREAMINFO,
162 SMB_VFS_OP_GET_REAL_FILENAME,
163 SMB_VFS_OP_CONNECTPATH,
164 SMB_VFS_OP_BRL_LOCK_WINDOWS,
165 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
166 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
167 SMB_VFS_OP_STRICT_LOCK_CHECK,
168 SMB_VFS_OP_TRANSLATE_NAME,
170 SMB_VFS_OP_OFFLOAD_READ_SEND,
171 SMB_VFS_OP_OFFLOAD_READ_RECV,
172 SMB_VFS_OP_OFFLOAD_WRITE_SEND,
173 SMB_VFS_OP_OFFLOAD_WRITE_RECV,
174 SMB_VFS_OP_GET_COMPRESSION,
175 SMB_VFS_OP_SET_COMPRESSION,
176 SMB_VFS_OP_SNAP_CHECK_PATH,
177 SMB_VFS_OP_SNAP_CREATE,
178 SMB_VFS_OP_SNAP_DELETE,
180 /* DOS attribute operations. */
181 SMB_VFS_OP_GET_DOS_ATTRIBUTES,
182 SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
183 SMB_VFS_OP_SET_DOS_ATTRIBUTES,
184 SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
186 /* NT ACL operations. */
188 SMB_VFS_OP_FGET_NT_ACL,
189 SMB_VFS_OP_GET_NT_ACL,
190 SMB_VFS_OP_FSET_NT_ACL,
191 SMB_VFS_OP_AUDIT_FILE,
193 /* POSIX ACL operations. */
195 SMB_VFS_OP_CHMOD_ACL,
196 SMB_VFS_OP_FCHMOD_ACL,
198 SMB_VFS_OP_SYS_ACL_GET_FILE,
199 SMB_VFS_OP_SYS_ACL_GET_FD,
200 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
201 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
202 SMB_VFS_OP_SYS_ACL_SET_FILE,
203 SMB_VFS_OP_SYS_ACL_SET_FD,
204 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
208 SMB_VFS_OP_FGETXATTR,
209 SMB_VFS_OP_LISTXATTR,
210 SMB_VFS_OP_FLISTXATTR,
211 SMB_VFS_OP_REMOVEXATTR,
212 SMB_VFS_OP_FREMOVEXATTR,
214 SMB_VFS_OP_FSETXATTR,
217 SMB_VFS_OP_AIO_FORCE,
219 /* offline operations */
220 SMB_VFS_OP_IS_OFFLINE,
221 SMB_VFS_OP_SET_OFFLINE,
223 /* Durable handle operations. */
224 SMB_VFS_OP_DURABLE_COOKIE,
225 SMB_VFS_OP_DURABLE_DISCONNECT,
226 SMB_VFS_OP_DURABLE_RECONNECT,
228 SMB_VFS_OP_READDIR_ATTR,
230 /* This should always be last enum value */
235 /* The following array *must* be in the same order as defined in vfs_op_type */
241 { SMB_VFS_OP_CONNECT, "connect" },
242 { SMB_VFS_OP_DISCONNECT, "disconnect" },
243 { SMB_VFS_OP_DISK_FREE, "disk_free" },
244 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
245 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
246 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
247 { SMB_VFS_OP_STATVFS, "statvfs" },
248 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
249 { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" },
250 { SMB_VFS_OP_OPENDIR, "opendir" },
251 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
252 { SMB_VFS_OP_READDIR, "readdir" },
253 { SMB_VFS_OP_SEEKDIR, "seekdir" },
254 { SMB_VFS_OP_TELLDIR, "telldir" },
255 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
256 { SMB_VFS_OP_MKDIR, "mkdir" },
257 { SMB_VFS_OP_RMDIR, "rmdir" },
258 { SMB_VFS_OP_CLOSEDIR, "closedir" },
259 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
260 { SMB_VFS_OP_OPEN, "open" },
261 { SMB_VFS_OP_CREATE_FILE, "create_file" },
262 { SMB_VFS_OP_CLOSE, "close" },
263 { SMB_VFS_OP_READ, "read" },
264 { SMB_VFS_OP_PREAD, "pread" },
265 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
266 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
267 { SMB_VFS_OP_WRITE, "write" },
268 { SMB_VFS_OP_PWRITE, "pwrite" },
269 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
270 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
271 { SMB_VFS_OP_LSEEK, "lseek" },
272 { SMB_VFS_OP_SENDFILE, "sendfile" },
273 { SMB_VFS_OP_RECVFILE, "recvfile" },
274 { SMB_VFS_OP_RENAME, "rename" },
275 { SMB_VFS_OP_FSYNC, "fsync" },
276 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
277 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
278 { SMB_VFS_OP_STAT, "stat" },
279 { SMB_VFS_OP_FSTAT, "fstat" },
280 { SMB_VFS_OP_LSTAT, "lstat" },
281 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
282 { SMB_VFS_OP_UNLINK, "unlink" },
283 { SMB_VFS_OP_CHMOD, "chmod" },
284 { SMB_VFS_OP_FCHMOD, "fchmod" },
285 { SMB_VFS_OP_CHOWN, "chown" },
286 { SMB_VFS_OP_FCHOWN, "fchown" },
287 { SMB_VFS_OP_LCHOWN, "lchown" },
288 { SMB_VFS_OP_CHDIR, "chdir" },
289 { SMB_VFS_OP_GETWD, "getwd" },
290 { SMB_VFS_OP_NTIMES, "ntimes" },
291 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
292 { SMB_VFS_OP_FALLOCATE,"fallocate" },
293 { SMB_VFS_OP_LOCK, "lock" },
294 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
295 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
296 { SMB_VFS_OP_GETLOCK, "getlock" },
297 { SMB_VFS_OP_SYMLINK, "symlink" },
298 { SMB_VFS_OP_READLINK, "readlink" },
299 { SMB_VFS_OP_LINK, "link" },
300 { SMB_VFS_OP_MKNOD, "mknod" },
301 { SMB_VFS_OP_REALPATH, "realpath" },
302 { SMB_VFS_OP_CHFLAGS, "chflags" },
303 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
304 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
305 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
306 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
307 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
308 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
309 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
310 { SMB_VFS_OP_STRICT_LOCK_CHECK, "strict_lock_check" },
311 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
312 { SMB_VFS_OP_FSCTL, "fsctl" },
313 { SMB_VFS_OP_OFFLOAD_READ_SEND, "offload_read_send" },
314 { SMB_VFS_OP_OFFLOAD_READ_RECV, "offload_read_recv" },
315 { SMB_VFS_OP_OFFLOAD_WRITE_SEND, "offload_write_send" },
316 { SMB_VFS_OP_OFFLOAD_WRITE_RECV, "offload_write_recv" },
317 { SMB_VFS_OP_GET_COMPRESSION, "get_compression" },
318 { SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
319 { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
320 { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
321 { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
322 { SMB_VFS_OP_GET_DOS_ATTRIBUTES, "get_dos_attributes" },
323 { SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" },
324 { SMB_VFS_OP_SET_DOS_ATTRIBUTES, "set_dos_attributes" },
325 { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" },
326 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
327 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
328 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
329 { SMB_VFS_OP_AUDIT_FILE, "audit_file" },
330 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
331 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
332 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
333 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
334 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
335 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
336 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
337 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
338 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
339 { SMB_VFS_OP_GETXATTR, "getxattr" },
340 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
341 { SMB_VFS_OP_LISTXATTR, "listxattr" },
342 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
343 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
344 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
345 { SMB_VFS_OP_SETXATTR, "setxattr" },
346 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
347 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
348 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
349 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
350 { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" },
351 { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
352 { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
353 { SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
354 { SMB_VFS_OP_LAST, NULL }
357 static int audit_syslog_facility(vfs_handle_struct *handle)
359 static const struct enum_list enum_log_facilities[] = {
360 { LOG_USER, "USER" },
361 { LOG_LOCAL0, "LOCAL0" },
362 { LOG_LOCAL1, "LOCAL1" },
363 { LOG_LOCAL2, "LOCAL2" },
364 { LOG_LOCAL3, "LOCAL3" },
365 { LOG_LOCAL4, "LOCAL4" },
366 { LOG_LOCAL5, "LOCAL5" },
367 { LOG_LOCAL6, "LOCAL6" },
368 { LOG_LOCAL7, "LOCAL7" },
374 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
379 static int audit_syslog_priority(vfs_handle_struct *handle)
381 static const struct enum_list enum_log_priorities[] = {
382 { LOG_EMERG, "EMERG" },
383 { LOG_ALERT, "ALERT" },
384 { LOG_CRIT, "CRIT" },
386 { LOG_WARNING, "WARNING" },
387 { LOG_NOTICE, "NOTICE" },
388 { LOG_INFO, "INFO" },
389 { LOG_DEBUG, "DEBUG" },
395 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
396 enum_log_priorities, LOG_NOTICE);
397 if (priority == -1) {
398 priority = LOG_WARNING;
404 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
409 prefix = talloc_strdup(ctx,
410 lp_parm_const_string(SNUM(conn), "full_audit",
415 result = talloc_sub_advanced(ctx,
416 lp_servicename(talloc_tos(), SNUM(conn)),
417 conn->session_info->unix_info->unix_name,
419 conn->session_info->unix_token->gid,
420 conn->session_info->unix_info->sanitized_username,
421 conn->session_info->info->domain_name,
427 static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op)
429 if (pd->success_ops == NULL) {
433 return bitmap_query(pd->success_ops, op);
436 static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op)
438 if (pd->failure_ops == NULL)
441 return bitmap_query(pd->failure_ops, op);
444 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
452 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
454 DEBUG(0, ("Could not alloc bitmap -- "
455 "defaulting to logging everything\n"));
459 for (; *ops != NULL; ops += 1) {
464 if (strequal(*ops, "all")) {
465 for (i=0; i<SMB_VFS_OP_LAST; i++) {
471 if (strequal(*ops, "none")) {
481 for (i=0; i<SMB_VFS_OP_LAST; i++) {
482 if ((vfs_op_names[i].name == NULL)
483 || (vfs_op_names[i].type != i)) {
484 smb_panic("vfs_full_audit.c: name table not "
485 "in sync with vfs_op_type enums\n");
487 if (strequal(op, vfs_op_names[i].name)) {
496 if (i == SMB_VFS_OP_LAST) {
497 DEBUG(0, ("Could not find opname %s, logging all\n",
506 static const char *audit_opname(vfs_op_type op)
508 if (op >= SMB_VFS_OP_LAST)
509 return "INVALID VFS OP";
510 return vfs_op_names[op].name;
513 static TALLOC_CTX *tmp_do_log_ctx;
515 * Get us a temporary talloc context usable just for DEBUG arguments
517 static TALLOC_CTX *do_log_ctx(void)
519 if (tmp_do_log_ctx == NULL) {
520 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
522 return tmp_do_log_ctx;
525 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
526 const char *format, ...)
528 struct vfs_full_audit_private_data *pd;
530 char *audit_pre = NULL;
534 SMB_VFS_HANDLE_GET_DATA(handle, pd,
535 struct vfs_full_audit_private_data,
538 if (success && (!log_success(pd, op)))
541 if (!success && (!log_failure(pd, op)))
545 fstrcpy(err_msg, "ok");
547 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
549 va_start(ap, format);
550 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
557 audit_pre = audit_prefix(talloc_tos(), handle->conn);
563 * Specify the facility to interoperate with other syslog
564 * callers (smbd for example).
566 priority = pd->syslog_priority | pd->syslog_facility;
568 syslog(priority, "%s|%s|%s|%s\n",
569 audit_pre ? audit_pre : "",
570 audit_opname(op), err_msg, op_msg);
572 DEBUG(1, ("%s|%s|%s|%s\n",
573 audit_pre ? audit_pre : "",
574 audit_opname(op), err_msg, op_msg));
577 TALLOC_FREE(audit_pre);
579 TALLOC_FREE(tmp_do_log_ctx);
583 * Return a string using the do_log_ctx()
585 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
590 if (smb_fname == NULL) {
593 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
594 if (!NT_STATUS_IS_OK(status)) {
601 * Return an fsp debug string using the do_log_ctx()
603 static const char *fsp_str_do_log(const struct files_struct *fsp)
605 return smb_fname_str_do_log(fsp->fsp_name);
608 /* Implementation of vfs_ops. Pass everything on to the default
609 operation but log event first. */
611 static int smb_full_audit_connect(vfs_handle_struct *handle,
612 const char *svc, const char *user)
615 struct vfs_full_audit_private_data *pd = NULL;
617 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
622 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
624 SMB_VFS_NEXT_DISCONNECT(handle);
628 pd->syslog_facility = audit_syslog_facility(handle);
629 if (pd->syslog_facility == -1) {
630 DEBUG(1, ("%s: Unknown facility %s\n", __func__,
631 lp_parm_const_string(SNUM(handle->conn),
632 "full_audit", "facility",
634 SMB_VFS_NEXT_DISCONNECT(handle);
638 pd->syslog_priority = audit_syslog_priority(handle);
640 pd->log_secdesc = lp_parm_bool(SNUM(handle->conn),
641 "full_audit", "log_secdesc", false);
643 pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
644 "full_audit", "syslog", true);
648 openlog("smbd_audit", 0, pd->syslog_facility);
652 pd->success_ops = init_bitmap(
653 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
655 pd->failure_ops = init_bitmap(
656 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
659 /* Store the private data. */
660 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
661 struct vfs_full_audit_private_data, return -1);
663 do_log(SMB_VFS_OP_CONNECT, True, handle,
669 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
671 SMB_VFS_NEXT_DISCONNECT(handle);
673 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
674 "%s", lp_servicename(talloc_tos(), SNUM(handle->conn)));
676 /* The bitmaps will be disconnected when the private
680 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
681 const struct smb_filename *smb_fname,
688 result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize);
690 /* Don't have a reasonable notion of failure here */
692 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", smb_fname->base_name);
697 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
698 const struct smb_filename *smb_fname,
699 enum SMB_QUOTA_TYPE qtype,
705 result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt);
707 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "%s",
708 smb_fname->base_name);
713 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
714 enum SMB_QUOTA_TYPE qtype, unid_t id,
719 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
721 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
726 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
727 struct files_struct *fsp,
728 struct shadow_copy_data *shadow_copy_data,
733 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
735 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
740 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
741 const struct smb_filename *smb_fname,
742 struct vfs_statvfs_struct *statbuf)
746 result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf);
748 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
753 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
757 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
759 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
764 static NTSTATUS smb_full_audit_get_dfs_referrals(
765 struct vfs_handle_struct *handle,
766 struct dfs_GetDFSReferral *r)
770 status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
772 do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status),
778 static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle,
780 const char *service_path,
785 status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path,
787 do_log(SMB_VFS_OP_SNAP_CHECK_PATH, NT_STATUS_IS_OK(status),
793 static NTSTATUS smb_full_audit_snap_create(struct vfs_handle_struct *handle,
795 const char *base_volume,
803 status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp,
804 rw, base_path, snap_path);
805 do_log(SMB_VFS_OP_SNAP_CREATE, NT_STATUS_IS_OK(status), handle, "");
810 static NTSTATUS smb_full_audit_snap_delete(struct vfs_handle_struct *handle,
817 status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path,
819 do_log(SMB_VFS_OP_SNAP_DELETE, NT_STATUS_IS_OK(status), handle, "");
824 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
825 const struct smb_filename *smb_fname,
831 result = SMB_VFS_NEXT_OPENDIR(handle, smb_fname, mask, attr);
833 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s",
834 smb_fname->base_name);
839 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
840 files_struct *fsp, const char *mask, uint32_t attr)
844 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
846 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
847 fsp_str_do_log(fsp));
852 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
853 DIR *dirp, SMB_STRUCT_STAT *sbuf)
855 struct dirent *result;
857 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
859 /* This operation has no reasonable error condition
860 * (End of dir is also failure), so always succeed.
862 do_log(SMB_VFS_OP_READDIR, True, handle, "");
867 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
868 DIR *dirp, long offset)
870 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
872 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
875 static long smb_full_audit_telldir(vfs_handle_struct *handle,
880 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
882 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
887 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
890 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
892 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
895 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
896 const struct smb_filename *smb_fname, mode_t mode)
900 result = SMB_VFS_NEXT_MKDIR(handle, smb_fname, mode);
902 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s",
903 smb_fname->base_name);
908 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
909 const struct smb_filename *smb_fname)
913 result = SMB_VFS_NEXT_RMDIR(handle, smb_fname);
915 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s",
916 smb_fname->base_name);
921 static int smb_full_audit_closedir(vfs_handle_struct *handle,
926 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
928 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
933 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
936 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
938 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
941 static int smb_full_audit_open(vfs_handle_struct *handle,
942 struct smb_filename *smb_fname,
943 files_struct *fsp, int flags, mode_t mode)
947 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
949 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
950 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
951 smb_fname_str_do_log(smb_fname));
956 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
957 struct smb_request *req,
958 uint16_t root_dir_fid,
959 struct smb_filename *smb_fname,
960 uint32_t access_mask,
961 uint32_t share_access,
962 uint32_t create_disposition,
963 uint32_t create_options,
964 uint32_t file_attributes,
965 uint32_t oplock_request,
966 struct smb2_lease *lease,
967 uint64_t allocation_size,
968 uint32_t private_flags,
969 struct security_descriptor *sd,
970 struct ea_list *ea_list,
971 files_struct **result_fsp,
973 const struct smb2_create_blobs *in_context_blobs,
974 struct smb2_create_blobs *out_context_blobs)
977 const char* str_create_disposition;
979 switch (create_disposition) {
981 str_create_disposition = "supersede";
983 case FILE_OVERWRITE_IF:
984 str_create_disposition = "overwrite_if";
987 str_create_disposition = "open";
990 str_create_disposition = "overwrite";
993 str_create_disposition = "create";
996 str_create_disposition = "open_if";
999 str_create_disposition = "unknown";
1002 result = SMB_VFS_NEXT_CREATE_FILE(
1003 handle, /* handle */
1005 root_dir_fid, /* root_dir_fid */
1006 smb_fname, /* fname */
1007 access_mask, /* access_mask */
1008 share_access, /* share_access */
1009 create_disposition, /* create_disposition*/
1010 create_options, /* create_options */
1011 file_attributes, /* file_attributes */
1012 oplock_request, /* oplock_request */
1014 allocation_size, /* allocation_size */
1017 ea_list, /* ea_list */
1018 result_fsp, /* result */
1020 in_context_blobs, out_context_blobs); /* create context */
1022 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
1023 "0x%x|%s|%s|%s", access_mask,
1024 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
1025 str_create_disposition, smb_fname_str_do_log(smb_fname));
1030 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1034 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1036 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
1037 fsp_str_do_log(fsp));
1042 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1043 void *data, size_t n)
1047 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
1049 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
1050 fsp_str_do_log(fsp));
1055 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1056 void *data, size_t n, off_t offset)
1060 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1062 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
1063 fsp_str_do_log(fsp));
1068 struct smb_full_audit_pread_state {
1069 vfs_handle_struct *handle;
1072 struct vfs_aio_state vfs_aio_state;
1075 static void smb_full_audit_pread_done(struct tevent_req *subreq);
1077 static struct tevent_req *smb_full_audit_pread_send(
1078 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1079 struct tevent_context *ev, struct files_struct *fsp,
1080 void *data, size_t n, off_t offset)
1082 struct tevent_req *req, *subreq;
1083 struct smb_full_audit_pread_state *state;
1085 req = tevent_req_create(mem_ctx, &state,
1086 struct smb_full_audit_pread_state);
1088 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1089 fsp_str_do_log(fsp));
1092 state->handle = handle;
1095 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
1097 if (tevent_req_nomem(subreq, req)) {
1098 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1099 fsp_str_do_log(fsp));
1100 return tevent_req_post(req, ev);
1102 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
1104 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1108 static void smb_full_audit_pread_done(struct tevent_req *subreq)
1110 struct tevent_req *req = tevent_req_callback_data(
1111 subreq, struct tevent_req);
1112 struct smb_full_audit_pread_state *state = tevent_req_data(
1113 req, struct smb_full_audit_pread_state);
1115 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
1116 TALLOC_FREE(subreq);
1117 tevent_req_done(req);
1120 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req,
1121 struct vfs_aio_state *vfs_aio_state)
1123 struct smb_full_audit_pread_state *state = tevent_req_data(
1124 req, struct smb_full_audit_pread_state);
1126 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1127 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
1128 fsp_str_do_log(state->fsp));
1132 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
1133 fsp_str_do_log(state->fsp));
1135 *vfs_aio_state = state->vfs_aio_state;
1139 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1140 const void *data, size_t n)
1144 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1146 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
1147 fsp_str_do_log(fsp));
1152 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1153 const void *data, size_t n,
1158 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1160 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1161 fsp_str_do_log(fsp));
1166 struct smb_full_audit_pwrite_state {
1167 vfs_handle_struct *handle;
1170 struct vfs_aio_state vfs_aio_state;
1173 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1175 static struct tevent_req *smb_full_audit_pwrite_send(
1176 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1177 struct tevent_context *ev, struct files_struct *fsp,
1178 const void *data, size_t n, off_t offset)
1180 struct tevent_req *req, *subreq;
1181 struct smb_full_audit_pwrite_state *state;
1183 req = tevent_req_create(mem_ctx, &state,
1184 struct smb_full_audit_pwrite_state);
1186 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1187 fsp_str_do_log(fsp));
1190 state->handle = handle;
1193 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1195 if (tevent_req_nomem(subreq, req)) {
1196 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1197 fsp_str_do_log(fsp));
1198 return tevent_req_post(req, ev);
1200 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1202 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1203 fsp_str_do_log(fsp));
1207 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1209 struct tevent_req *req = tevent_req_callback_data(
1210 subreq, struct tevent_req);
1211 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1212 req, struct smb_full_audit_pwrite_state);
1214 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
1215 TALLOC_FREE(subreq);
1216 tevent_req_done(req);
1219 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req,
1220 struct vfs_aio_state *vfs_aio_state)
1222 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1223 req, struct smb_full_audit_pwrite_state);
1225 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1226 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1227 fsp_str_do_log(state->fsp));
1231 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1232 fsp_str_do_log(state->fsp));
1234 *vfs_aio_state = state->vfs_aio_state;
1238 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1239 off_t offset, int whence)
1243 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1245 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1246 "%s", fsp_str_do_log(fsp));
1251 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1252 files_struct *fromfsp,
1253 const DATA_BLOB *hdr, off_t offset,
1258 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1260 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1261 "%s", fsp_str_do_log(fromfsp));
1266 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1267 files_struct *tofsp,
1273 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1275 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1276 "%s", fsp_str_do_log(tofsp));
1281 static int smb_full_audit_rename(vfs_handle_struct *handle,
1282 const struct smb_filename *smb_fname_src,
1283 const struct smb_filename *smb_fname_dst)
1287 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1289 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1290 smb_fname_str_do_log(smb_fname_src),
1291 smb_fname_str_do_log(smb_fname_dst));
1296 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1300 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1302 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1303 fsp_str_do_log(fsp));
1308 struct smb_full_audit_fsync_state {
1309 vfs_handle_struct *handle;
1312 struct vfs_aio_state vfs_aio_state;
1315 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1317 static struct tevent_req *smb_full_audit_fsync_send(
1318 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1319 struct tevent_context *ev, struct files_struct *fsp)
1321 struct tevent_req *req, *subreq;
1322 struct smb_full_audit_fsync_state *state;
1324 req = tevent_req_create(mem_ctx, &state,
1325 struct smb_full_audit_fsync_state);
1327 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1328 fsp_str_do_log(fsp));
1331 state->handle = handle;
1334 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1335 if (tevent_req_nomem(subreq, req)) {
1336 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1337 fsp_str_do_log(fsp));
1338 return tevent_req_post(req, ev);
1340 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1342 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1346 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1348 struct tevent_req *req = tevent_req_callback_data(
1349 subreq, struct tevent_req);
1350 struct smb_full_audit_fsync_state *state = tevent_req_data(
1351 req, struct smb_full_audit_fsync_state);
1353 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
1354 TALLOC_FREE(subreq);
1355 tevent_req_done(req);
1358 static int smb_full_audit_fsync_recv(struct tevent_req *req,
1359 struct vfs_aio_state *vfs_aio_state)
1361 struct smb_full_audit_fsync_state *state = tevent_req_data(
1362 req, struct smb_full_audit_fsync_state);
1364 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1365 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1366 fsp_str_do_log(state->fsp));
1370 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1371 fsp_str_do_log(state->fsp));
1373 *vfs_aio_state = state->vfs_aio_state;
1377 static int smb_full_audit_stat(vfs_handle_struct *handle,
1378 struct smb_filename *smb_fname)
1382 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1384 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1385 smb_fname_str_do_log(smb_fname));
1390 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1391 SMB_STRUCT_STAT *sbuf)
1395 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1397 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1398 fsp_str_do_log(fsp));
1403 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1404 struct smb_filename *smb_fname)
1408 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1410 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1411 smb_fname_str_do_log(smb_fname));
1416 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1417 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1421 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1423 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1429 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1430 const struct smb_filename *smb_fname)
1434 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1436 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1437 smb_fname_str_do_log(smb_fname));
1442 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1443 const struct smb_filename *smb_fname,
1448 result = SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
1450 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o",
1451 smb_fname->base_name,
1457 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1462 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1464 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1465 "%s|%o", fsp_str_do_log(fsp), mode);
1470 static int smb_full_audit_chown(vfs_handle_struct *handle,
1471 const struct smb_filename *smb_fname,
1477 result = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
1479 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1480 smb_fname->base_name, (long int)uid, (long int)gid);
1485 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1486 uid_t uid, gid_t gid)
1490 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1492 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1493 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1498 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1499 const struct smb_filename *smb_fname,
1505 result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
1507 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1508 smb_fname->base_name, (long int)uid, (long int)gid);
1513 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1514 const struct smb_filename *smb_fname)
1518 result = SMB_VFS_NEXT_CHDIR(handle, smb_fname);
1520 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s",
1521 smb_fname->base_name);
1526 static struct smb_filename *smb_full_audit_getwd(vfs_handle_struct *handle,
1529 struct smb_filename *result;
1531 result = SMB_VFS_NEXT_GETWD(handle, ctx);
1533 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1534 result == NULL? "" : result->base_name);
1539 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1540 const struct smb_filename *smb_fname,
1541 struct smb_file_time *ft)
1545 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1547 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1548 smb_fname_str_do_log(smb_fname));
1553 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1558 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1560 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1561 "%s", fsp_str_do_log(fsp));
1566 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1573 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1575 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1576 "%s", fsp_str_do_log(fsp));
1581 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1582 int op, off_t offset, off_t count, int type)
1586 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1588 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1593 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1594 struct files_struct *fsp,
1595 uint32_t share_mode, uint32_t access_mask)
1599 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1601 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1602 fsp_str_do_log(fsp));
1607 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1612 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1614 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1615 fsp_str_do_log(fsp));
1620 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1621 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1625 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1627 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1632 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1633 const char *link_contents,
1634 const struct smb_filename *new_smb_fname)
1638 result = SMB_VFS_NEXT_SYMLINK(handle, link_contents, new_smb_fname);
1640 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1641 "%s|%s", link_contents, new_smb_fname->base_name);
1646 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1647 const struct smb_filename *smb_fname,
1653 result = SMB_VFS_NEXT_READLINK(handle, smb_fname, buf, bufsiz);
1655 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s",
1656 smb_fname->base_name);
1661 static int smb_full_audit_link(vfs_handle_struct *handle,
1662 const struct smb_filename *old_smb_fname,
1663 const struct smb_filename *new_smb_fname)
1667 result = SMB_VFS_NEXT_LINK(handle, old_smb_fname, new_smb_fname);
1669 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1670 "%s|%s", old_smb_fname->base_name, new_smb_fname->base_name);
1675 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1676 const struct smb_filename *smb_fname,
1682 result = SMB_VFS_NEXT_MKNOD(handle, smb_fname, mode, dev);
1684 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s",
1685 smb_fname->base_name);
1690 static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle,
1692 const struct smb_filename *smb_fname)
1694 struct smb_filename *result_fname = NULL;
1696 result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname);
1698 do_log(SMB_VFS_OP_REALPATH, (result_fname != NULL), handle, "%s",
1699 smb_fname->base_name);
1701 return result_fname;
1704 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1705 const struct smb_filename *smb_fname,
1710 result = SMB_VFS_NEXT_CHFLAGS(handle, smb_fname, flags);
1712 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s",
1713 smb_fname->base_name);
1718 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1719 const SMB_STRUCT_STAT *sbuf)
1721 struct file_id id_zero;
1722 struct file_id result;
1724 ZERO_STRUCT(id_zero);
1726 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1728 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1729 !file_id_equal(&id_zero, &result),
1730 handle, "%s", file_id_string_tos(&result));
1735 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1736 struct files_struct *fsp,
1737 const struct smb_filename *smb_fname,
1738 TALLOC_CTX *mem_ctx,
1739 unsigned int *pnum_streams,
1740 struct stream_struct **pstreams)
1744 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, smb_fname, mem_ctx,
1745 pnum_streams, pstreams);
1747 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1748 "%s", smb_fname->base_name);
1753 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1756 TALLOC_CTX *mem_ctx,
1761 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1764 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1765 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1770 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1771 const struct smb_filename *smb_fname)
1775 result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname);
1777 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1778 "%s", smb_fname->base_name);
1783 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1784 struct byte_range_lock *br_lck,
1785 struct lock_struct *plock,
1790 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1793 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1794 "%s:%llu-%llu. type=%d. blocking=%d",
1795 fsp_str_do_log(brl_fsp(br_lck)),
1796 plock->start, plock->size, plock->lock_type, blocking_lock);
1801 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1802 struct messaging_context *msg_ctx,
1803 struct byte_range_lock *br_lck,
1804 const struct lock_struct *plock)
1808 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1811 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1812 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1814 plock->size, plock->lock_type);
1819 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1820 struct byte_range_lock *br_lck,
1821 struct lock_struct *plock)
1825 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock);
1827 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1828 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1830 plock->size, plock->lock_type);
1835 static bool smb_full_audit_strict_lock_check(struct vfs_handle_struct *handle,
1836 struct files_struct *fsp,
1837 struct lock_struct *plock)
1841 result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock);
1843 do_log(SMB_VFS_OP_STRICT_LOCK_CHECK, result, handle,
1844 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1845 plock->size, plock->lock_type);
1850 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
1852 enum vfs_translate_direction direction,
1853 TALLOC_CTX *mem_ctx,
1858 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
1861 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
1866 static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle,
1867 struct files_struct *fsp,
1871 const uint8_t *_in_data,
1873 uint8_t **_out_data,
1874 uint32_t max_out_len,
1879 result = SMB_VFS_NEXT_FSCTL(handle,
1890 do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, "");
1895 static struct tevent_req *smb_full_audit_offload_read_send(
1896 TALLOC_CTX *mem_ctx,
1897 struct tevent_context *ev,
1898 struct vfs_handle_struct *handle,
1899 struct files_struct *fsp,
1905 struct tevent_req *req = NULL;
1907 req = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev, handle, fsp,
1908 fsctl, ttl, offset, to_copy);
1910 do_log(SMB_VFS_OP_OFFLOAD_READ_SEND, req, handle, "");
1915 static NTSTATUS smb_full_audit_offload_read_recv(
1916 struct tevent_req *req,
1917 struct vfs_handle_struct *handle,
1918 TALLOC_CTX *mem_ctx,
1919 DATA_BLOB *_token_blob)
1923 status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(req, handle, mem_ctx,
1926 do_log(SMB_VFS_OP_OFFLOAD_READ_RECV, NT_STATUS_IS_OK(status), handle, "");
1931 static struct tevent_req *smb_full_audit_offload_write_send(struct vfs_handle_struct *handle,
1932 TALLOC_CTX *mem_ctx,
1933 struct tevent_context *ev,
1936 off_t transfer_offset,
1937 struct files_struct *dest_fsp,
1941 struct tevent_req *req;
1943 req = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, mem_ctx, ev,
1944 fsctl, token, transfer_offset,
1945 dest_fsp, dest_off, num);
1947 do_log(SMB_VFS_OP_OFFLOAD_WRITE_SEND, req, handle, "");
1952 static NTSTATUS smb_full_audit_offload_write_recv(struct vfs_handle_struct *handle,
1953 struct tevent_req *req,
1958 result = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(handle, req, copied);
1960 do_log(SMB_VFS_OP_OFFLOAD_WRITE_RECV, NT_STATUS_IS_OK(result), handle, "");
1965 static NTSTATUS smb_full_audit_get_compression(vfs_handle_struct *handle,
1966 TALLOC_CTX *mem_ctx,
1967 struct files_struct *fsp,
1968 struct smb_filename *smb_fname,
1969 uint16_t *_compression_fmt)
1973 result = SMB_VFS_NEXT_GET_COMPRESSION(handle, mem_ctx, fsp, smb_fname,
1976 do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
1978 (fsp ? fsp_str_do_log(fsp) : smb_fname_str_do_log(smb_fname)));
1983 static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle,
1984 TALLOC_CTX *mem_ctx,
1985 struct files_struct *fsp,
1986 uint16_t compression_fmt)
1990 result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
1993 do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
1994 "%s", fsp_str_do_log(fsp));
1999 static NTSTATUS smb_full_audit_readdir_attr(struct vfs_handle_struct *handle,
2000 const struct smb_filename *fname,
2001 TALLOC_CTX *mem_ctx,
2002 struct readdir_attr_data **pattr_data)
2006 status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
2008 do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s",
2009 smb_fname_str_do_log(fname));
2014 static NTSTATUS smb_full_audit_get_dos_attributes(
2015 struct vfs_handle_struct *handle,
2016 struct smb_filename *smb_fname,
2021 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES(handle,
2025 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES,
2026 NT_STATUS_IS_OK(status),
2029 smb_fname_str_do_log(smb_fname));
2034 static NTSTATUS smb_full_audit_fget_dos_attributes(
2035 struct vfs_handle_struct *handle,
2036 struct files_struct *fsp,
2041 status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
2045 do_log(SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
2046 NT_STATUS_IS_OK(status),
2049 fsp_str_do_log(fsp));
2054 static NTSTATUS smb_full_audit_set_dos_attributes(
2055 struct vfs_handle_struct *handle,
2056 const struct smb_filename *smb_fname,
2061 status = SMB_VFS_NEXT_SET_DOS_ATTRIBUTES(handle,
2065 do_log(SMB_VFS_OP_SET_DOS_ATTRIBUTES,
2066 NT_STATUS_IS_OK(status),
2069 smb_fname_str_do_log(smb_fname));
2074 static NTSTATUS smb_full_audit_fset_dos_attributes(
2075 struct vfs_handle_struct *handle,
2076 struct files_struct *fsp,
2081 status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
2085 do_log(SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
2086 NT_STATUS_IS_OK(status),
2089 fsp_str_do_log(fsp));
2094 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2095 uint32_t security_info,
2096 TALLOC_CTX *mem_ctx,
2097 struct security_descriptor **ppdesc)
2101 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
2104 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2105 "%s", fsp_str_do_log(fsp));
2110 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
2111 const struct smb_filename *smb_fname,
2112 uint32_t security_info,
2113 TALLOC_CTX *mem_ctx,
2114 struct security_descriptor **ppdesc)
2118 result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
2121 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2122 "%s", smb_fname_str_do_log(smb_fname));
2127 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2128 uint32_t security_info_sent,
2129 const struct security_descriptor *psd)
2131 struct vfs_full_audit_private_data *pd;
2135 SMB_VFS_HANDLE_GET_DATA(handle, pd,
2136 struct vfs_full_audit_private_data,
2137 return NT_STATUS_INTERNAL_ERROR);
2139 if (pd->log_secdesc) {
2140 sd = sddl_encode(talloc_tos(), psd, get_global_sam_sid());
2143 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
2145 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2146 "%s [%s]", fsp_str_do_log(fsp), sd ? sd : "");
2153 static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
2154 struct smb_filename *file,
2155 struct security_acl *sacl,
2156 uint32_t access_requested,
2157 uint32_t access_denied)
2161 result = SMB_VFS_NEXT_AUDIT_FILE(handle,
2167 do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
2168 "%s", smb_fname_str_do_log(file));
2173 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
2174 const struct smb_filename *smb_fname,
2179 result = SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
2181 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
2182 "%s|%o", smb_fname->base_name, mode);
2187 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
2192 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
2194 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
2195 "%s|%o", fsp_str_do_log(fsp), mode);
2200 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
2201 const struct smb_filename *smb_fname,
2202 SMB_ACL_TYPE_T type,
2203 TALLOC_CTX *mem_ctx)
2207 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname,
2210 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
2211 "%s", smb_fname->base_name);
2216 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
2217 files_struct *fsp, TALLOC_CTX *mem_ctx)
2221 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
2223 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
2224 "%s", fsp_str_do_log(fsp));
2229 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
2230 const struct smb_filename *smb_fname,
2231 TALLOC_CTX *mem_ctx,
2232 char **blob_description,
2237 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, smb_fname,
2238 mem_ctx, blob_description, blob);
2240 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
2241 "%s", smb_fname->base_name);
2246 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
2248 TALLOC_CTX *mem_ctx,
2249 char **blob_description,
2254 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
2256 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
2257 "%s", fsp_str_do_log(fsp));
2262 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
2263 const struct smb_filename *smb_fname,
2264 SMB_ACL_TYPE_T acltype,
2269 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, smb_fname, acltype,
2272 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
2273 "%s", smb_fname->base_name);
2278 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
2283 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
2285 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
2286 "%s", fsp_str_do_log(fsp));
2291 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
2292 const struct smb_filename *smb_fname)
2296 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, smb_fname);
2298 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
2299 "%s", smb_fname->base_name);
2304 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2305 const struct smb_filename *smb_fname,
2306 const char *name, void *value, size_t size)
2310 result = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, name, value, size);
2312 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
2313 "%s|%s", smb_fname->base_name, name);
2318 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2319 struct files_struct *fsp,
2320 const char *name, void *value, size_t size)
2324 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2326 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2327 "%s|%s", fsp_str_do_log(fsp), name);
2332 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2333 const struct smb_filename *smb_fname,
2339 result = SMB_VFS_NEXT_LISTXATTR(handle, smb_fname, list, size);
2341 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s",
2342 smb_fname->base_name);
2347 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2348 struct files_struct *fsp, char *list,
2353 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2355 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2356 "%s", fsp_str_do_log(fsp));
2361 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2362 const struct smb_filename *smb_fname,
2367 result = SMB_VFS_NEXT_REMOVEXATTR(handle, smb_fname, name);
2369 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2370 "%s|%s", smb_fname->base_name, name);
2375 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2376 struct files_struct *fsp,
2381 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2383 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2384 "%s|%s", fsp_str_do_log(fsp), name);
2389 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2390 const struct smb_filename *smb_fname,
2391 const char *name, const void *value, size_t size,
2396 result = SMB_VFS_NEXT_SETXATTR(handle, smb_fname, name, value, size,
2399 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2400 "%s|%s", smb_fname->base_name, name);
2405 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2406 struct files_struct *fsp, const char *name,
2407 const void *value, size_t size, int flags)
2411 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2413 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2414 "%s|%s", fsp_str_do_log(fsp), name);
2419 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2420 struct files_struct *fsp)
2424 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2425 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2426 "%s", fsp_str_do_log(fsp));
2431 static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle,
2432 struct files_struct *fsp,
2433 TALLOC_CTX *mem_ctx,
2438 result = SMB_VFS_NEXT_DURABLE_COOKIE(handle,
2443 do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle,
2444 "%s", fsp_str_do_log(fsp));
2449 static NTSTATUS smb_full_audit_durable_disconnect(
2450 struct vfs_handle_struct *handle,
2451 struct files_struct *fsp,
2452 const DATA_BLOB old_cookie,
2453 TALLOC_CTX *mem_ctx,
2454 DATA_BLOB *new_cookie)
2458 result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle,
2464 do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle,
2465 "%s", fsp_str_do_log(fsp));
2470 static NTSTATUS smb_full_audit_durable_reconnect(
2471 struct vfs_handle_struct *handle,
2472 struct smb_request *smb1req,
2473 struct smbXsrv_open *op,
2474 const DATA_BLOB old_cookie,
2475 TALLOC_CTX *mem_ctx,
2476 struct files_struct **fsp,
2477 DATA_BLOB *new_cookie)
2481 result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle,
2489 do_log(SMB_VFS_OP_DURABLE_RECONNECT,
2490 NT_STATUS_IS_OK(result),
2497 static struct vfs_fn_pointers vfs_full_audit_fns = {
2499 /* Disk operations */
2501 .connect_fn = smb_full_audit_connect,
2502 .disconnect_fn = smb_full_audit_disconnect,
2503 .disk_free_fn = smb_full_audit_disk_free,
2504 .get_quota_fn = smb_full_audit_get_quota,
2505 .set_quota_fn = smb_full_audit_set_quota,
2506 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2507 .statvfs_fn = smb_full_audit_statvfs,
2508 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2509 .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals,
2510 .opendir_fn = smb_full_audit_opendir,
2511 .fdopendir_fn = smb_full_audit_fdopendir,
2512 .readdir_fn = smb_full_audit_readdir,
2513 .seekdir_fn = smb_full_audit_seekdir,
2514 .telldir_fn = smb_full_audit_telldir,
2515 .rewind_dir_fn = smb_full_audit_rewinddir,
2516 .mkdir_fn = smb_full_audit_mkdir,
2517 .rmdir_fn = smb_full_audit_rmdir,
2518 .closedir_fn = smb_full_audit_closedir,
2519 .init_search_op_fn = smb_full_audit_init_search_op,
2520 .open_fn = smb_full_audit_open,
2521 .create_file_fn = smb_full_audit_create_file,
2522 .close_fn = smb_full_audit_close,
2523 .read_fn = smb_full_audit_read,
2524 .pread_fn = smb_full_audit_pread,
2525 .pread_send_fn = smb_full_audit_pread_send,
2526 .pread_recv_fn = smb_full_audit_pread_recv,
2527 .write_fn = smb_full_audit_write,
2528 .pwrite_fn = smb_full_audit_pwrite,
2529 .pwrite_send_fn = smb_full_audit_pwrite_send,
2530 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2531 .lseek_fn = smb_full_audit_lseek,
2532 .sendfile_fn = smb_full_audit_sendfile,
2533 .recvfile_fn = smb_full_audit_recvfile,
2534 .rename_fn = smb_full_audit_rename,
2535 .fsync_fn = smb_full_audit_fsync,
2536 .fsync_send_fn = smb_full_audit_fsync_send,
2537 .fsync_recv_fn = smb_full_audit_fsync_recv,
2538 .stat_fn = smb_full_audit_stat,
2539 .fstat_fn = smb_full_audit_fstat,
2540 .lstat_fn = smb_full_audit_lstat,
2541 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2542 .unlink_fn = smb_full_audit_unlink,
2543 .chmod_fn = smb_full_audit_chmod,
2544 .fchmod_fn = smb_full_audit_fchmod,
2545 .chown_fn = smb_full_audit_chown,
2546 .fchown_fn = smb_full_audit_fchown,
2547 .lchown_fn = smb_full_audit_lchown,
2548 .chdir_fn = smb_full_audit_chdir,
2549 .getwd_fn = smb_full_audit_getwd,
2550 .ntimes_fn = smb_full_audit_ntimes,
2551 .ftruncate_fn = smb_full_audit_ftruncate,
2552 .fallocate_fn = smb_full_audit_fallocate,
2553 .lock_fn = smb_full_audit_lock,
2554 .kernel_flock_fn = smb_full_audit_kernel_flock,
2555 .linux_setlease_fn = smb_full_audit_linux_setlease,
2556 .getlock_fn = smb_full_audit_getlock,
2557 .symlink_fn = smb_full_audit_symlink,
2558 .readlink_fn = smb_full_audit_readlink,
2559 .link_fn = smb_full_audit_link,
2560 .mknod_fn = smb_full_audit_mknod,
2561 .realpath_fn = smb_full_audit_realpath,
2562 .chflags_fn = smb_full_audit_chflags,
2563 .file_id_create_fn = smb_full_audit_file_id_create,
2564 .offload_read_send_fn = smb_full_audit_offload_read_send,
2565 .offload_read_recv_fn = smb_full_audit_offload_read_recv,
2566 .offload_write_send_fn = smb_full_audit_offload_write_send,
2567 .offload_write_recv_fn = smb_full_audit_offload_write_recv,
2568 .get_compression_fn = smb_full_audit_get_compression,
2569 .set_compression_fn = smb_full_audit_set_compression,
2570 .snap_check_path_fn = smb_full_audit_snap_check_path,
2571 .snap_create_fn = smb_full_audit_snap_create,
2572 .snap_delete_fn = smb_full_audit_snap_delete,
2573 .streaminfo_fn = smb_full_audit_streaminfo,
2574 .get_real_filename_fn = smb_full_audit_get_real_filename,
2575 .connectpath_fn = smb_full_audit_connectpath,
2576 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2577 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2578 .brl_cancel_windows_fn = smb_full_audit_brl_cancel_windows,
2579 .strict_lock_check_fn = smb_full_audit_strict_lock_check,
2580 .translate_name_fn = smb_full_audit_translate_name,
2581 .fsctl_fn = smb_full_audit_fsctl,
2582 .get_dos_attributes_fn = smb_full_audit_get_dos_attributes,
2583 .fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
2584 .set_dos_attributes_fn = smb_full_audit_set_dos_attributes,
2585 .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes,
2586 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2587 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
2588 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2589 .audit_file_fn = smb_full_audit_audit_file,
2590 .chmod_acl_fn = smb_full_audit_chmod_acl,
2591 .fchmod_acl_fn = smb_full_audit_fchmod_acl,
2592 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
2593 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2594 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
2595 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
2596 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
2597 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2598 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
2599 .getxattr_fn = smb_full_audit_getxattr,
2600 .fgetxattr_fn = smb_full_audit_fgetxattr,
2601 .listxattr_fn = smb_full_audit_listxattr,
2602 .flistxattr_fn = smb_full_audit_flistxattr,
2603 .removexattr_fn = smb_full_audit_removexattr,
2604 .fremovexattr_fn = smb_full_audit_fremovexattr,
2605 .setxattr_fn = smb_full_audit_setxattr,
2606 .fsetxattr_fn = smb_full_audit_fsetxattr,
2607 .aio_force_fn = smb_full_audit_aio_force,
2608 .durable_cookie_fn = smb_full_audit_durable_cookie,
2609 .durable_disconnect_fn = smb_full_audit_durable_disconnect,
2610 .durable_reconnect_fn = smb_full_audit_durable_reconnect,
2611 .readdir_attr_fn = smb_full_audit_readdir_attr
2616 NTSTATUS vfs_full_audit_init(TALLOC_CTX *ctx)
2620 smb_vfs_assert_all_fns(&vfs_full_audit_fns, "full_audit");
2622 ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "full_audit",
2623 &vfs_full_audit_fns);
2625 if (!NT_STATUS_IS_OK(ret))
2628 vfs_full_audit_debug_level = debug_add_class("full_audit");
2629 if (vfs_full_audit_debug_level == -1) {
2630 vfs_full_audit_debug_level = DBGC_VFS;
2631 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2634 DEBUG(10, ("vfs_full_audit: Debug class number of "
2635 "'full_audit': %d\n", vfs_full_audit_debug_level));