2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
62 extern userdom_struct current_user_info;
64 static int vfs_full_audit_debug_level = DBGC_VFS;
66 struct vfs_full_audit_private_data {
67 struct bitmap *success_ops;
68 struct bitmap *failure_ops;
72 #define DBGC_CLASS vfs_full_audit_debug_level
74 /* Function prototypes */
76 static int smb_full_audit_connect(vfs_handle_struct *handle,
77 const char *svc, const char *user);
78 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
79 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
81 BOOL small_query, SMB_BIG_UINT *bsize,
82 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
83 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
84 enum SMB_QUOTA_TYPE qtype, unid_t id,
86 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
87 enum SMB_QUOTA_TYPE qtype, unid_t id,
89 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
90 struct files_struct *fsp,
91 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels);
92 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
94 struct vfs_statvfs_struct *statbuf);
96 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
97 const char *fname, const char *mask, uint32 attr);
98 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
99 SMB_STRUCT_DIR *dirp);
100 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
101 SMB_STRUCT_DIR *dirp, long offset);
102 static long smb_full_audit_telldir(vfs_handle_struct *handle,
103 SMB_STRUCT_DIR *dirp);
104 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
105 SMB_STRUCT_DIR *dirp);
106 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
107 const char *path, mode_t mode);
108 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
110 static int smb_full_audit_closedir(vfs_handle_struct *handle,
111 SMB_STRUCT_DIR *dirp);
112 static int smb_full_audit_open(vfs_handle_struct *handle,
113 const char *fname, files_struct *fsp, int flags, mode_t mode);
114 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
115 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
116 int fd, void *data, size_t n);
117 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
118 int fd, void *data, size_t n, SMB_OFF_T offset);
119 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
120 int fd, const void *data, size_t n);
121 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
122 int fd, const void *data, size_t n,
124 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
125 int filedes, SMB_OFF_T offset, int whence);
126 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
127 files_struct *fsp, int fromfd,
128 const DATA_BLOB *hdr, SMB_OFF_T offset,
130 static int smb_full_audit_rename(vfs_handle_struct *handle,
131 const char *oldname, const char *newname);
132 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
133 static int smb_full_audit_stat(vfs_handle_struct *handle,
134 const char *fname, SMB_STRUCT_STAT *sbuf);
135 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
136 SMB_STRUCT_STAT *sbuf);
137 static int smb_full_audit_lstat(vfs_handle_struct *handle,
138 const char *path, SMB_STRUCT_STAT *sbuf);
139 static int smb_full_audit_unlink(vfs_handle_struct *handle,
141 static int smb_full_audit_chmod(vfs_handle_struct *handle,
142 const char *path, mode_t mode);
143 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
145 static int smb_full_audit_chown(vfs_handle_struct *handle,
146 const char *path, uid_t uid, gid_t gid);
147 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
148 uid_t uid, gid_t gid);
149 static int smb_full_audit_lchown(vfs_handle_struct *handle,
150 const char *path, uid_t uid, gid_t gid);
151 static int smb_full_audit_chdir(vfs_handle_struct *handle,
153 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
155 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
156 const char *path, const struct timespec ts[2]);
157 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
158 int fd, SMB_OFF_T len);
159 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
160 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
161 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
162 struct files_struct *fsp, int fd,
164 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
165 int fd, int leasetype);
166 static BOOL smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp, int fd,
167 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
168 static int smb_full_audit_symlink(vfs_handle_struct *handle,
169 const char *oldpath, const char *newpath);
170 static int smb_full_audit_readlink(vfs_handle_struct *handle,
171 const char *path, char *buf, size_t bufsiz);
172 static int smb_full_audit_link(vfs_handle_struct *handle,
173 const char *oldpath, const char *newpath);
174 static int smb_full_audit_mknod(vfs_handle_struct *handle,
175 const char *pathname, mode_t mode, SMB_DEV_T dev);
176 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
177 const char *path, char *resolved_path);
178 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
179 struct sys_notify_context *ctx,
180 struct notify_entry *e,
181 void (*callback)(struct sys_notify_context *ctx,
183 struct notify_event *ev),
184 void *private_data, void *handle_p);
185 static int smb_full_audit_chflags(vfs_handle_struct *handle,
186 const char *path, unsigned int flags);
187 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
188 SMB_DEV_T dev, SMB_INO_T inode);
189 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
190 int fd, uint32 security_info,
192 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
193 const char *name, uint32 security_info,
195 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
196 int fd, uint32 security_info_sent,
198 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
199 const char *name, uint32 security_info_sent,
201 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
202 const char *path, mode_t mode);
203 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
204 int fd, mode_t mode);
205 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
206 SMB_ACL_T theacl, int entry_id,
207 SMB_ACL_ENTRY_T *entry_p);
208 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
209 SMB_ACL_ENTRY_T entry_d,
210 SMB_ACL_TAG_T *tag_type_p);
211 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
212 SMB_ACL_ENTRY_T entry_d,
213 SMB_ACL_PERMSET_T *permset_p);
214 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
215 SMB_ACL_ENTRY_T entry_d);
216 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
218 SMB_ACL_TYPE_T type);
219 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
222 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
223 SMB_ACL_PERMSET_T permset);
224 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
225 SMB_ACL_PERMSET_T permset,
226 SMB_ACL_PERM_T perm);
227 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
230 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
232 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
234 SMB_ACL_ENTRY_T *pentry);
235 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
236 SMB_ACL_ENTRY_T entry,
237 SMB_ACL_TAG_T tagtype);
238 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
239 SMB_ACL_ENTRY_T entry,
241 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
242 SMB_ACL_ENTRY_T entry,
243 SMB_ACL_PERMSET_T permset);
244 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
246 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
247 const char *name, SMB_ACL_TYPE_T acltype,
249 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
250 int fd, SMB_ACL_T theacl);
251 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
253 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
254 SMB_ACL_PERMSET_T permset,
255 SMB_ACL_PERM_T perm);
256 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
258 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
259 SMB_ACL_T posix_acl);
260 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
262 SMB_ACL_TAG_T tagtype);
263 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
265 const char *name, void *value, size_t size);
266 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
267 const char *path, const char *name,
268 void *value, size_t size);
269 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
270 struct files_struct *fsp, int fd,
271 const char *name, void *value, size_t size);
272 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
273 const char *path, char *list, size_t size);
274 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
275 const char *path, char *list, size_t size);
276 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
277 struct files_struct *fsp, int fd, char *list,
279 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
282 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
285 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
286 struct files_struct *fsp, int fd,
288 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
290 const char *name, const void *value, size_t size,
292 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
294 const char *name, const void *value, size_t size,
296 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
297 struct files_struct *fsp, int fd, const char *name,
298 const void *value, size_t size, int flags);
300 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
301 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
302 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
303 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb);
304 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
305 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
306 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
310 static vfs_op_tuple audit_op_tuples[] = {
312 /* Disk operations */
314 {SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
315 SMB_VFS_LAYER_LOGGER},
316 {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
317 SMB_VFS_LAYER_LOGGER},
318 {SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
319 SMB_VFS_LAYER_LOGGER},
320 {SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
321 SMB_VFS_LAYER_LOGGER},
322 {SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
323 SMB_VFS_LAYER_LOGGER},
324 {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
325 SMB_VFS_LAYER_LOGGER},
326 {SMB_VFS_OP(smb_full_audit_statvfs), SMB_VFS_OP_STATVFS,
327 SMB_VFS_LAYER_LOGGER},
329 /* Directory operations */
331 {SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
332 SMB_VFS_LAYER_LOGGER},
333 {SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
334 SMB_VFS_LAYER_LOGGER},
335 {SMB_VFS_OP(smb_full_audit_seekdir), SMB_VFS_OP_SEEKDIR,
336 SMB_VFS_LAYER_LOGGER},
337 {SMB_VFS_OP(smb_full_audit_telldir), SMB_VFS_OP_TELLDIR,
338 SMB_VFS_LAYER_LOGGER},
339 {SMB_VFS_OP(smb_full_audit_rewinddir), SMB_VFS_OP_REWINDDIR,
340 SMB_VFS_LAYER_LOGGER},
341 {SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
342 SMB_VFS_LAYER_LOGGER},
343 {SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
344 SMB_VFS_LAYER_LOGGER},
345 {SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
346 SMB_VFS_LAYER_LOGGER},
348 /* File operations */
350 {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
351 SMB_VFS_LAYER_LOGGER},
352 {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
353 SMB_VFS_LAYER_LOGGER},
354 {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
355 SMB_VFS_LAYER_LOGGER},
356 {SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
357 SMB_VFS_LAYER_LOGGER},
358 {SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
359 SMB_VFS_LAYER_LOGGER},
360 {SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
361 SMB_VFS_LAYER_LOGGER},
362 {SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
363 SMB_VFS_LAYER_LOGGER},
364 {SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE,
365 SMB_VFS_LAYER_LOGGER},
366 {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME,
367 SMB_VFS_LAYER_LOGGER},
368 {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC,
369 SMB_VFS_LAYER_LOGGER},
370 {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT,
371 SMB_VFS_LAYER_LOGGER},
372 {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT,
373 SMB_VFS_LAYER_LOGGER},
374 {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT,
375 SMB_VFS_LAYER_LOGGER},
376 {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK,
377 SMB_VFS_LAYER_LOGGER},
378 {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD,
379 SMB_VFS_LAYER_LOGGER},
380 {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD,
381 SMB_VFS_LAYER_LOGGER},
382 {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN,
383 SMB_VFS_LAYER_LOGGER},
384 {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN,
385 SMB_VFS_LAYER_LOGGER},
386 {SMB_VFS_OP(smb_full_audit_lchown), SMB_VFS_OP_LCHOWN,
387 SMB_VFS_LAYER_LOGGER},
388 {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR,
389 SMB_VFS_LAYER_LOGGER},
390 {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD,
391 SMB_VFS_LAYER_LOGGER},
392 {SMB_VFS_OP(smb_full_audit_ntimes), SMB_VFS_OP_NTIMES,
393 SMB_VFS_LAYER_LOGGER},
394 {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
395 SMB_VFS_LAYER_LOGGER},
396 {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK,
397 SMB_VFS_LAYER_LOGGER},
398 {SMB_VFS_OP(smb_full_audit_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK,
399 SMB_VFS_LAYER_LOGGER},
400 {SMB_VFS_OP(smb_full_audit_linux_setlease), SMB_VFS_OP_LINUX_SETLEASE,
401 SMB_VFS_LAYER_LOGGER},
402 {SMB_VFS_OP(smb_full_audit_getlock), SMB_VFS_OP_GETLOCK,
403 SMB_VFS_LAYER_LOGGER},
404 {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK,
405 SMB_VFS_LAYER_LOGGER},
406 {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK,
407 SMB_VFS_LAYER_LOGGER},
408 {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK,
409 SMB_VFS_LAYER_LOGGER},
410 {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD,
411 SMB_VFS_LAYER_LOGGER},
412 {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH,
413 SMB_VFS_LAYER_LOGGER},
414 {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
415 SMB_VFS_LAYER_LOGGER},
416 {SMB_VFS_OP(smb_full_audit_chflags), SMB_VFS_OP_CHFLAGS,
417 SMB_VFS_LAYER_LOGGER},
418 {SMB_VFS_OP(smb_full_audit_file_id_create), SMB_VFS_OP_FILE_ID_CREATE,
419 SMB_VFS_LAYER_LOGGER},
421 /* NT ACL operations. */
423 {SMB_VFS_OP(smb_full_audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
424 SMB_VFS_LAYER_LOGGER},
425 {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
426 SMB_VFS_LAYER_LOGGER},
427 {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
428 SMB_VFS_LAYER_LOGGER},
429 {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
430 SMB_VFS_LAYER_LOGGER},
432 /* POSIX ACL operations. */
434 {SMB_VFS_OP(smb_full_audit_chmod_acl), SMB_VFS_OP_CHMOD_ACL,
435 SMB_VFS_LAYER_LOGGER},
436 {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
437 SMB_VFS_LAYER_LOGGER},
438 {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
439 SMB_VFS_LAYER_LOGGER},
440 {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
441 SMB_VFS_LAYER_LOGGER},
442 {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
443 SMB_VFS_LAYER_LOGGER},
444 {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
445 SMB_VFS_LAYER_LOGGER},
446 {SMB_VFS_OP(smb_full_audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
447 SMB_VFS_LAYER_LOGGER},
448 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
449 SMB_VFS_LAYER_LOGGER},
450 {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
451 SMB_VFS_LAYER_LOGGER},
452 {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
453 SMB_VFS_LAYER_LOGGER},
454 {SMB_VFS_OP(smb_full_audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
455 SMB_VFS_LAYER_LOGGER},
456 {SMB_VFS_OP(smb_full_audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
457 SMB_VFS_LAYER_LOGGER},
458 {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
459 SMB_VFS_LAYER_LOGGER},
460 {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
461 SMB_VFS_LAYER_LOGGER},
462 {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
463 SMB_VFS_LAYER_LOGGER},
464 {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
465 SMB_VFS_LAYER_LOGGER},
466 {SMB_VFS_OP(smb_full_audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
467 SMB_VFS_LAYER_LOGGER},
468 {SMB_VFS_OP(smb_full_audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
469 SMB_VFS_LAYER_LOGGER},
470 {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
471 SMB_VFS_LAYER_LOGGER},
472 {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
473 SMB_VFS_LAYER_LOGGER},
474 {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
475 SMB_VFS_LAYER_LOGGER},
476 {SMB_VFS_OP(smb_full_audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
477 SMB_VFS_LAYER_LOGGER},
478 {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
479 SMB_VFS_LAYER_LOGGER},
480 {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
481 SMB_VFS_LAYER_LOGGER},
485 {SMB_VFS_OP(smb_full_audit_getxattr), SMB_VFS_OP_GETXATTR,
486 SMB_VFS_LAYER_LOGGER},
487 {SMB_VFS_OP(smb_full_audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
488 SMB_VFS_LAYER_LOGGER},
489 {SMB_VFS_OP(smb_full_audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
490 SMB_VFS_LAYER_LOGGER},
491 {SMB_VFS_OP(smb_full_audit_listxattr), SMB_VFS_OP_LISTXATTR,
492 SMB_VFS_LAYER_LOGGER},
493 {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
494 SMB_VFS_LAYER_LOGGER},
495 {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
496 SMB_VFS_LAYER_LOGGER},
497 {SMB_VFS_OP(smb_full_audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
498 SMB_VFS_LAYER_LOGGER},
499 {SMB_VFS_OP(smb_full_audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
500 SMB_VFS_LAYER_LOGGER},
501 {SMB_VFS_OP(smb_full_audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
502 SMB_VFS_LAYER_LOGGER},
503 {SMB_VFS_OP(smb_full_audit_setxattr), SMB_VFS_OP_SETXATTR,
504 SMB_VFS_LAYER_LOGGER},
505 {SMB_VFS_OP(smb_full_audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
506 SMB_VFS_LAYER_LOGGER},
507 {SMB_VFS_OP(smb_full_audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
508 SMB_VFS_LAYER_LOGGER},
510 {SMB_VFS_OP(smb_full_audit_aio_read), SMB_VFS_OP_AIO_READ,
511 SMB_VFS_LAYER_LOGGER},
512 {SMB_VFS_OP(smb_full_audit_aio_write), SMB_VFS_OP_AIO_WRITE,
513 SMB_VFS_LAYER_LOGGER},
514 {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
515 SMB_VFS_LAYER_LOGGER},
516 {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
517 SMB_VFS_LAYER_LOGGER},
518 {SMB_VFS_OP(smb_full_audit_aio_error), SMB_VFS_OP_AIO_ERROR,
519 SMB_VFS_LAYER_LOGGER},
520 {SMB_VFS_OP(smb_full_audit_aio_fsync), SMB_VFS_OP_AIO_FSYNC,
521 SMB_VFS_LAYER_LOGGER},
522 {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
523 SMB_VFS_LAYER_LOGGER},
525 /* Finish VFS operations definition */
527 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
531 /* The following array *must* be in the same order as defined in vfs.h */
537 { SMB_VFS_OP_CONNECT, "connect" },
538 { SMB_VFS_OP_DISCONNECT, "disconnect" },
539 { SMB_VFS_OP_DISK_FREE, "disk_free" },
540 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
541 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
542 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
543 { SMB_VFS_OP_STATVFS, "statvfs" },
544 { SMB_VFS_OP_OPENDIR, "opendir" },
545 { SMB_VFS_OP_READDIR, "readdir" },
546 { SMB_VFS_OP_SEEKDIR, "seekdir" },
547 { SMB_VFS_OP_TELLDIR, "telldir" },
548 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
549 { SMB_VFS_OP_MKDIR, "mkdir" },
550 { SMB_VFS_OP_RMDIR, "rmdir" },
551 { SMB_VFS_OP_CLOSEDIR, "closedir" },
552 { SMB_VFS_OP_OPEN, "open" },
553 { SMB_VFS_OP_CLOSE, "close" },
554 { SMB_VFS_OP_READ, "read" },
555 { SMB_VFS_OP_PREAD, "pread" },
556 { SMB_VFS_OP_WRITE, "write" },
557 { SMB_VFS_OP_PWRITE, "pwrite" },
558 { SMB_VFS_OP_LSEEK, "lseek" },
559 { SMB_VFS_OP_SENDFILE, "sendfile" },
560 { SMB_VFS_OP_RENAME, "rename" },
561 { SMB_VFS_OP_FSYNC, "fsync" },
562 { SMB_VFS_OP_STAT, "stat" },
563 { SMB_VFS_OP_FSTAT, "fstat" },
564 { SMB_VFS_OP_LSTAT, "lstat" },
565 { SMB_VFS_OP_UNLINK, "unlink" },
566 { SMB_VFS_OP_CHMOD, "chmod" },
567 { SMB_VFS_OP_FCHMOD, "fchmod" },
568 { SMB_VFS_OP_CHOWN, "chown" },
569 { SMB_VFS_OP_FCHOWN, "fchown" },
570 { SMB_VFS_OP_LCHOWN, "lchown" },
571 { SMB_VFS_OP_CHDIR, "chdir" },
572 { SMB_VFS_OP_GETWD, "getwd" },
573 { SMB_VFS_OP_NTIMES, "ntimes" },
574 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
575 { SMB_VFS_OP_LOCK, "lock" },
576 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
577 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
578 { SMB_VFS_OP_GETLOCK, "getlock" },
579 { SMB_VFS_OP_SYMLINK, "symlink" },
580 { SMB_VFS_OP_READLINK, "readlink" },
581 { SMB_VFS_OP_LINK, "link" },
582 { SMB_VFS_OP_MKNOD, "mknod" },
583 { SMB_VFS_OP_REALPATH, "realpath" },
584 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
585 { SMB_VFS_OP_CHFLAGS, "chflags" },
586 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
587 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
588 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
589 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
590 { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" },
591 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
592 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
593 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
594 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
595 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
596 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
597 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
598 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
599 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
600 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
601 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
602 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
603 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
604 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
605 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
606 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
607 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
608 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
609 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
610 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
611 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
612 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
613 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
614 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
615 { SMB_VFS_OP_GETXATTR, "getxattr" },
616 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
617 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
618 { SMB_VFS_OP_LISTXATTR, "listxattr" },
619 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
620 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
621 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
622 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
623 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
624 { SMB_VFS_OP_SETXATTR, "setxattr" },
625 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
626 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
627 { SMB_VFS_OP_AIO_READ, "aio_read" },
628 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
629 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
630 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
631 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
632 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
633 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
634 { SMB_VFS_OP_LAST, NULL }
637 static int audit_syslog_facility(vfs_handle_struct *handle)
639 static const struct enum_list enum_log_facilities[] = {
640 { LOG_USER, "USER" },
641 { LOG_LOCAL0, "LOCAL0" },
642 { LOG_LOCAL1, "LOCAL1" },
643 { LOG_LOCAL2, "LOCAL2" },
644 { LOG_LOCAL3, "LOCAL3" },
645 { LOG_LOCAL4, "LOCAL4" },
646 { LOG_LOCAL5, "LOCAL5" },
647 { LOG_LOCAL6, "LOCAL6" },
648 { LOG_LOCAL7, "LOCAL7" }
653 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
658 static int audit_syslog_priority(vfs_handle_struct *handle)
660 static const struct enum_list enum_log_priorities[] = {
661 { LOG_EMERG, "EMERG" },
662 { LOG_ALERT, "ALERT" },
663 { LOG_CRIT, "CRIT" },
665 { LOG_WARNING, "WARNING" },
666 { LOG_NOTICE, "NOTICE" },
667 { LOG_INFO, "INFO" },
668 { LOG_DEBUG, "DEBUG" }
673 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority", enum_log_priorities, LOG_NOTICE);
678 static char *audit_prefix(connection_struct *conn)
680 static pstring prefix;
682 pstrcpy(prefix, lp_parm_const_string(SNUM(conn), "full_audit",
684 standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
685 conn->connectpath, conn->gid,
686 get_current_username(),
687 current_user_info.domain,
688 prefix, sizeof(prefix));
692 static BOOL log_success(vfs_handle_struct *handle, vfs_op_type op)
694 struct vfs_full_audit_private_data *pd = NULL;
696 SMB_VFS_HANDLE_GET_DATA(handle, pd,
697 struct vfs_full_audit_private_data,
700 if (pd->success_ops == NULL) {
704 return bitmap_query(pd->success_ops, op);
707 static BOOL log_failure(vfs_handle_struct *handle, vfs_op_type op)
709 struct vfs_full_audit_private_data *pd = NULL;
711 SMB_VFS_HANDLE_GET_DATA(handle, pd,
712 struct vfs_full_audit_private_data,
715 if (pd->failure_ops == NULL)
718 return bitmap_query(pd->failure_ops, op);
721 static void init_bitmap(struct bitmap **bm, const char **ops)
723 BOOL log_all = False;
728 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
731 DEBUG(0, ("Could not alloc bitmap -- "
732 "defaulting to logging everything\n"));
736 while (*ops != NULL) {
740 if (strequal(*ops, "all")) {
745 if (strequal(*ops, "none")) {
749 for (i=0; i<SMB_VFS_OP_LAST; i++) {
750 if (vfs_op_names[i].name == NULL) {
751 smb_panic("vfs_full_audit.c: name table not "
752 "in sync with vfs.h\n");
755 if (strequal(*ops, vfs_op_names[i].name)) {
761 DEBUG(0, ("Could not find opname %s, logging all\n",
770 /* The query functions default to True */
776 static const char *audit_opname(vfs_op_type op)
778 if (op >= SMB_VFS_OP_LAST)
779 return "INVALID VFS OP";
780 return vfs_op_names[op].name;
783 static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
784 const char *format, ...)
790 if (success && (!log_success(handle, op)))
793 if (!success && (!log_failure(handle, op)))
797 fstrcpy(err_msg, "ok");
799 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
801 va_start(ap, format);
802 vsnprintf(op_msg, sizeof(op_msg), format, ap);
805 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
806 audit_prefix(handle->conn), audit_opname(op), err_msg, op_msg);
811 /* Free function for the private data. */
813 static void free_private_data(void **p_data)
815 struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
817 if (pd->success_ops) {
818 bitmap_free(pd->success_ops);
820 if (pd->failure_ops) {
821 bitmap_free(pd->failure_ops);
827 /* Implementation of vfs_ops. Pass everything on to the default
828 operation but log event first. */
830 static int smb_full_audit_connect(vfs_handle_struct *handle,
831 const char *svc, const char *user)
834 struct vfs_full_audit_private_data *pd = NULL;
835 const char *none[] = { NULL };
836 const char *all [] = { "all" };
842 pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
848 openlog("smbd_audit", 0, audit_syslog_facility(handle));
850 init_bitmap(&pd->success_ops,
851 lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
853 init_bitmap(&pd->failure_ops,
854 lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
857 /* Store the private data. */
858 SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
859 struct vfs_full_audit_private_data, return -1);
861 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
863 do_log(SMB_VFS_OP_CONNECT, True, handle,
869 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
871 SMB_VFS_NEXT_DISCONNECT(handle);
873 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
874 "%s", lp_servicename(SNUM(handle->conn)));
876 /* The bitmaps will be disconnected when the private
882 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
884 BOOL small_query, SMB_BIG_UINT *bsize,
885 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
889 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
892 /* Don't have a reasonable notion of failure here */
894 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
899 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
900 enum SMB_QUOTA_TYPE qtype, unid_t id,
905 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
907 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
913 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
914 enum SMB_QUOTA_TYPE qtype, unid_t id,
919 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
921 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
926 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
927 struct files_struct *fsp,
928 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels)
932 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
934 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
939 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
941 struct vfs_statvfs_struct *statbuf)
945 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
947 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
952 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
953 const char *fname, const char *mask, uint32 attr)
955 SMB_STRUCT_DIR *result;
957 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
959 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
964 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
965 SMB_STRUCT_DIR *dirp)
967 SMB_STRUCT_DIRENT *result;
969 result = SMB_VFS_NEXT_READDIR(handle, dirp);
971 /* This operation has no reasonable error condition
972 * (End of dir is also failure), so always succeed.
974 do_log(SMB_VFS_OP_READDIR, True, handle, "");
979 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
980 SMB_STRUCT_DIR *dirp, long offset)
982 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
984 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
988 static long smb_full_audit_telldir(vfs_handle_struct *handle,
989 SMB_STRUCT_DIR *dirp)
993 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
995 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1000 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1001 SMB_STRUCT_DIR *dirp)
1003 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1005 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1009 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1010 const char *path, mode_t mode)
1014 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1016 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1021 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1026 result = SMB_VFS_NEXT_RMDIR(handle, path);
1028 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1033 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1034 SMB_STRUCT_DIR *dirp)
1038 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1040 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1045 static int smb_full_audit_open(vfs_handle_struct *handle,
1046 const char *fname, files_struct *fsp, int flags, mode_t mode)
1050 result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1052 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1053 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1059 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
1063 result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
1065 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1070 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1071 int fd, void *data, size_t n)
1075 result = SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
1077 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1082 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1083 int fd, void *data, size_t n, SMB_OFF_T offset)
1087 result = SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, offset);
1089 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1094 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1095 int fd, const void *data, size_t n)
1099 result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
1101 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1106 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1107 int fd, const void *data, size_t n,
1112 result = SMB_VFS_NEXT_PWRITE(handle, fsp, fd, data, n, offset);
1114 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1119 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1120 int filedes, SMB_OFF_T offset, int whence)
1124 result = SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
1126 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1127 "%s", fsp->fsp_name);
1132 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1133 files_struct *fsp, int fromfd,
1134 const DATA_BLOB *hdr, SMB_OFF_T offset,
1139 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
1142 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1143 "%s", fsp->fsp_name);
1148 static int smb_full_audit_rename(vfs_handle_struct *handle,
1149 const char *oldname, const char *newname)
1153 result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1155 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1160 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
1164 result = SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
1166 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1171 static int smb_full_audit_stat(vfs_handle_struct *handle,
1172 const char *fname, SMB_STRUCT_STAT *sbuf)
1176 result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1178 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1183 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
1184 SMB_STRUCT_STAT *sbuf)
1188 result = SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
1190 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1195 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1196 const char *path, SMB_STRUCT_STAT *sbuf)
1200 result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1202 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1207 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1212 result = SMB_VFS_NEXT_UNLINK(handle, path);
1214 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1219 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1220 const char *path, mode_t mode)
1224 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1226 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1231 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
1236 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
1238 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1239 "%s|%o", fsp->fsp_name, mode);
1244 static int smb_full_audit_chown(vfs_handle_struct *handle,
1245 const char *path, uid_t uid, gid_t gid)
1249 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1251 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1252 path, (long int)uid, (long int)gid);
1257 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
1258 uid_t uid, gid_t gid)
1262 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
1264 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1265 fsp->fsp_name, (long int)uid, (long int)gid);
1270 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1271 const char *path, uid_t uid, gid_t gid)
1275 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1277 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1278 path, (long int)uid, (long int)gid);
1283 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1288 result = SMB_VFS_NEXT_CHDIR(handle, path);
1290 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1295 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1300 result = SMB_VFS_NEXT_GETWD(handle, path);
1302 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1307 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1308 const char *path, const struct timespec ts[2])
1312 result = SMB_VFS_NEXT_NTIMES(handle, path, ts);
1314 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1319 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1320 int fd, SMB_OFF_T len)
1324 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, len);
1326 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1327 "%s", fsp->fsp_name);
1332 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1333 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1337 result = SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
1339 do_log(SMB_VFS_OP_LOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1344 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1345 struct files_struct *fsp, int fd,
1350 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, fd, share_mode);
1352 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1358 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1359 int fd, int leasetype)
1363 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, fd, leasetype);
1365 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1371 static BOOL smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1372 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1376 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, fd, poffset, pcount, ptype, ppid);
1378 do_log(SMB_VFS_OP_GETLOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1383 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1384 const char *oldpath, const char *newpath)
1388 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1390 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1391 "%s|%s", oldpath, newpath);
1396 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1397 const char *path, char *buf, size_t bufsiz)
1401 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1403 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1408 static int smb_full_audit_link(vfs_handle_struct *handle,
1409 const char *oldpath, const char *newpath)
1413 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1415 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1416 "%s|%s", oldpath, newpath);
1421 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1422 const char *pathname, mode_t mode, SMB_DEV_T dev)
1426 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1428 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1433 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1434 const char *path, char *resolved_path)
1438 result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1440 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1445 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1446 struct sys_notify_context *ctx,
1447 struct notify_entry *e,
1448 void (*callback)(struct sys_notify_context *ctx,
1450 struct notify_event *ev),
1451 void *private_data, void *handle_p)
1455 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1457 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1462 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1463 const char *path, unsigned int flags)
1467 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1469 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1474 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1475 SMB_DEV_T dev, SMB_INO_T inode)
1477 struct file_id id_zero;
1478 struct file_id result;
1480 ZERO_STRUCT(id_zero);
1482 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode);
1484 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1485 !file_id_equal(&id_zero, &result),
1486 handle, "%s", file_id_string_tos(&result));
1491 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1492 int fd, uint32 security_info,
1497 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
1500 do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
1501 "%s", fsp->fsp_name);
1506 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1507 const char *name, uint32 security_info,
1512 result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
1515 do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
1516 "%s", fsp->fsp_name);
1521 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1522 int fd, uint32 security_info_sent,
1527 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
1530 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1535 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1536 const char *name, uint32 security_info_sent,
1541 result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1544 do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1549 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1550 const char *path, mode_t mode)
1554 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1556 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1557 "%s|%o", path, mode);
1562 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1563 int fd, mode_t mode)
1567 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
1569 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1570 "%s|%o", fsp->fsp_name, mode);
1575 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1577 SMB_ACL_T theacl, int entry_id,
1578 SMB_ACL_ENTRY_T *entry_p)
1582 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1585 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1591 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1593 SMB_ACL_ENTRY_T entry_d,
1594 SMB_ACL_TAG_T *tag_type_p)
1598 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1601 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1607 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1609 SMB_ACL_ENTRY_T entry_d,
1610 SMB_ACL_PERMSET_T *permset_p)
1614 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1617 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1623 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1625 SMB_ACL_ENTRY_T entry_d)
1629 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1631 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1637 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1639 SMB_ACL_TYPE_T type)
1643 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1645 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1651 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1652 files_struct *fsp, int fd)
1656 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
1658 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1659 "%s", fsp->fsp_name);
1664 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1666 SMB_ACL_PERMSET_T permset)
1670 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1672 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1678 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1680 SMB_ACL_PERMSET_T permset,
1681 SMB_ACL_PERM_T perm)
1685 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1687 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1693 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1699 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1701 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1707 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1713 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1715 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1721 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1723 SMB_ACL_ENTRY_T *pentry)
1727 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1729 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1735 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1737 SMB_ACL_ENTRY_T entry,
1738 SMB_ACL_TAG_T tagtype)
1742 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1745 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1751 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1753 SMB_ACL_ENTRY_T entry,
1758 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1760 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1766 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1768 SMB_ACL_ENTRY_T entry,
1769 SMB_ACL_PERMSET_T permset)
1773 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1775 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1781 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1787 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1789 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1795 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1797 const char *name, SMB_ACL_TYPE_T acltype,
1802 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1805 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1811 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1812 int fd, SMB_ACL_T theacl)
1816 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
1818 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1819 "%s", fsp->fsp_name);
1824 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1830 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1832 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1838 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1840 SMB_ACL_PERMSET_T permset,
1841 SMB_ACL_PERM_T perm)
1845 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
1847 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1853 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1859 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
1861 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1867 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1869 SMB_ACL_T posix_acl)
1873 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
1875 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1881 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1883 SMB_ACL_TAG_T tagtype)
1887 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
1890 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1896 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1898 const char *name, void *value, size_t size)
1902 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1904 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1905 "%s|%s", path, name);
1910 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1911 const char *path, const char *name,
1912 void *value, size_t size)
1916 result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
1918 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1919 "%s|%s", path, name);
1924 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1925 struct files_struct *fsp, int fd,
1926 const char *name, void *value, size_t size)
1930 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
1932 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1933 "%s|%s", fsp->fsp_name, name);
1938 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1939 const char *path, char *list, size_t size)
1943 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1945 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1950 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1951 const char *path, char *list, size_t size)
1955 result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
1957 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1962 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1963 struct files_struct *fsp, int fd, char *list,
1968 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
1970 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1971 "%s", fsp->fsp_name);
1976 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1982 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
1984 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1985 "%s|%s", path, name);
1990 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
1996 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
1998 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
1999 "%s|%s", path, name);
2004 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2005 struct files_struct *fsp, int fd,
2010 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
2012 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2013 "%s|%s", fsp->fsp_name, name);
2018 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2020 const char *name, const void *value, size_t size,
2025 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2028 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2029 "%s|%s", path, name);
2034 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2036 const char *name, const void *value, size_t size,
2041 result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2044 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2045 "%s|%s", path, name);
2050 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2051 struct files_struct *fsp, int fd, const char *name,
2052 const void *value, size_t size, int flags)
2056 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size,
2059 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2060 "%s|%s", fsp->fsp_name, name);
2065 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2069 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2070 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2071 "%s", fsp->fsp_name);
2076 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2080 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2081 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2082 "%s", fsp->fsp_name);
2087 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2091 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2092 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2093 "%s", fsp->fsp_name);
2098 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb)
2102 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, fd, aiocb);
2103 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2104 "%s", fsp->fsp_name);
2109 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2113 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2114 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2115 "%s", fsp->fsp_name);
2120 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2124 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2125 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2126 "%s", fsp->fsp_name);
2131 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2135 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2136 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2137 "%s", fsp->fsp_name);
2143 NTSTATUS vfs_full_audit_init(void);
2144 NTSTATUS vfs_full_audit_init(void)
2146 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2147 "full_audit", audit_op_tuples);
2149 if (!NT_STATUS_IS_OK(ret))
2152 vfs_full_audit_debug_level = debug_add_class("full_audit");
2153 if (vfs_full_audit_debug_level == -1) {
2154 vfs_full_audit_debug_level = DBGC_VFS;
2155 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2158 DEBUG(10, ("vfs_full_audit: Debug class number of "
2159 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / metze / old / v3-2-winbind-ndr.git / blob