62530fb09cedb1d204171f2e91901aa15b09fcd5
[nivanova/samba-autobuild/.git] / source3 / modules / vfs_full_audit.c
1 /* 
2  * Auditing VFS module for samba.  Log selected file operations to syslog
3  * facility.
4  *
5  * Copyright (C) Tim Potter, 1999-2000
6  * Copyright (C) Alexander Bokovoy, 2002
7  * Copyright (C) John H Terpstra, 2003
8  * Copyright (C) Stefan (metze) Metzmacher, 2003
9  * Copyright (C) Volker Lendecke, 2004
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *  
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  *  
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24  */
25
26 /*
27  * This module implements parseable logging for all Samba VFS operations.
28  *
29  * You use it as follows:
30  *
31  * [tmp]
32  * path = /tmp
33  * vfs objects = full_audit
34  * full_audit:prefix = %u|%I
35  * full_audit:success = open opendir
36  * full_audit:failure = all
37  *
38  * vfs op can be "all" which means log all operations.
39  * vfs op can be "none" which means no logging.
40  *
41  * This leads to syslog entries of the form:
42  * smbd_audit: nobody|192.168.234.1|opendir|ok|.
43  * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44  *
45  * where "nobody" is the connected username and "192.168.234.1" is the
46  * client's IP address. 
47  *
48  * Options:
49  *
50  * prefix: A macro expansion template prepended to the syslog entry.
51  *
52  * success: A list of VFS operations for which a successful completion should
53  * be logged. Defaults to no logging at all. The special operation "all" logs
54  * - you guessed it - everything.
55  *
56  * failure: A list of VFS operations for which failure to complete should be
57  * logged. Defaults to logging everything.
58  */
59
60
61 #include "includes.h"
62
63 extern userdom_struct current_user_info;
64
65 static int vfs_full_audit_debug_level = DBGC_VFS;
66
67 struct vfs_full_audit_private_data {
68         struct bitmap *success_ops;
69         struct bitmap *failure_ops;
70 };
71
72 #undef DBGC_CLASS
73 #define DBGC_CLASS vfs_full_audit_debug_level
74
75 /* Function prototypes */
76
77 static int smb_full_audit_connect(vfs_handle_struct *handle,
78                          const char *svc, const char *user);
79 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
80 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
81                                     const char *path,
82                                     BOOL small_query, SMB_BIG_UINT *bsize, 
83                                     SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
84 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
85                            enum SMB_QUOTA_TYPE qtype, unid_t id,
86                            SMB_DISK_QUOTA *qt);
87 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
88                            enum SMB_QUOTA_TYPE qtype, unid_t id,
89                            SMB_DISK_QUOTA *qt);
90 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
91                                 struct files_struct *fsp,
92                                 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels);
93 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
94                                 const char *path,
95                                 struct vfs_statvfs_struct *statbuf);
96
97 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
98                           const char *fname, const char *mask, uint32 attr);
99 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
100                                     SMB_STRUCT_DIR *dirp);
101 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
102                         SMB_STRUCT_DIR *dirp, long offset);
103 static long smb_full_audit_telldir(vfs_handle_struct *handle,
104                         SMB_STRUCT_DIR *dirp);
105 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
106                         SMB_STRUCT_DIR *dirp);
107 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
108                        const char *path, mode_t mode);
109 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
110                        const char *path);
111 static int smb_full_audit_closedir(vfs_handle_struct *handle,
112                           SMB_STRUCT_DIR *dirp);
113 static int smb_full_audit_open(vfs_handle_struct *handle,
114                       const char *fname, files_struct *fsp, int flags, mode_t mode);
115 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
116 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
117                           int fd, void *data, size_t n);
118 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
119                            int fd, void *data, size_t n, SMB_OFF_T offset);
120 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
121                            int fd, const void *data, size_t n);
122 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
123                             int fd, const void *data, size_t n,
124                             SMB_OFF_T offset);
125 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
126                              int filedes, SMB_OFF_T offset, int whence);
127 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
128                               files_struct *fsp, int fromfd,
129                               const DATA_BLOB *hdr, SMB_OFF_T offset,
130                               size_t n);
131 static int smb_full_audit_rename(vfs_handle_struct *handle,
132                         const char *oldname, const char *newname);
133 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
134 static int smb_full_audit_stat(vfs_handle_struct *handle,
135                       const char *fname, SMB_STRUCT_STAT *sbuf);
136 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
137                        SMB_STRUCT_STAT *sbuf);
138 static int smb_full_audit_lstat(vfs_handle_struct *handle,
139                        const char *path, SMB_STRUCT_STAT *sbuf);
140 static int smb_full_audit_unlink(vfs_handle_struct *handle,
141                         const char *path);
142 static int smb_full_audit_chmod(vfs_handle_struct *handle,
143                        const char *path, mode_t mode);
144 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
145                         mode_t mode);
146 static int smb_full_audit_chown(vfs_handle_struct *handle,
147                        const char *path, uid_t uid, gid_t gid);
148 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
149                         uid_t uid, gid_t gid);
150 static int smb_full_audit_chdir(vfs_handle_struct *handle,
151                        const char *path);
152 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
153                          char *path);
154 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
155                        const char *path, const struct timespec ts[2]);
156 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
157                            int fd, SMB_OFF_T len);
158 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
159                        int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
160 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
161                                        struct files_struct *fsp, int fd,
162                                        uint32 share_mode);
163 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
164                                         int fd, int leasetype);
165 static BOOL smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp, int fd,
166                        SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
167 static int smb_full_audit_symlink(vfs_handle_struct *handle,
168                          const char *oldpath, const char *newpath);
169 static int smb_full_audit_readlink(vfs_handle_struct *handle,
170                           const char *path, char *buf, size_t bufsiz);
171 static int smb_full_audit_link(vfs_handle_struct *handle,
172                       const char *oldpath, const char *newpath);
173 static int smb_full_audit_mknod(vfs_handle_struct *handle,
174                        const char *pathname, mode_t mode, SMB_DEV_T dev);
175 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
176                             const char *path, char *resolved_path);
177 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
178                         struct sys_notify_context *ctx,
179                         struct notify_entry *e,
180                         void (*callback)(struct sys_notify_context *ctx,
181                                         void *private_data,
182                                         struct notify_event *ev),
183                         void *private_data, void *handle_p);
184 static int smb_full_audit_chflags(vfs_handle_struct *handle,
185                             const char *path, uint flags);
186 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
187                                 int fd, uint32 security_info,
188                                 SEC_DESC **ppdesc);
189 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
190                                const char *name, uint32 security_info,
191                                SEC_DESC **ppdesc);
192 static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
193                               int fd, uint32 security_info_sent,
194                               SEC_DESC *psd);
195 static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
196                              const char *name, uint32 security_info_sent,
197                              SEC_DESC *psd);
198 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
199                            const char *path, mode_t mode);
200 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
201                             int fd, mode_t mode);
202 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
203                                    SMB_ACL_T theacl, int entry_id,
204                                    SMB_ACL_ENTRY_T *entry_p);
205 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
206                                       SMB_ACL_ENTRY_T entry_d,
207                                       SMB_ACL_TAG_T *tag_type_p);
208 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
209                                      SMB_ACL_ENTRY_T entry_d,
210                                      SMB_ACL_PERMSET_T *permset_p);
211 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
212                                           SMB_ACL_ENTRY_T entry_d);
213 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
214                                         const char *path_p,
215                                         SMB_ACL_TYPE_T type);
216 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
217                                       files_struct *fsp,
218                                       int fd);
219 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
220                                      SMB_ACL_PERMSET_T permset);
221 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
222                                   SMB_ACL_PERMSET_T permset,
223                                   SMB_ACL_PERM_T perm);
224 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
225                                     SMB_ACL_T theacl,
226                                     ssize_t *plen);
227 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
228                                     int count);
229 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
230                                       SMB_ACL_T *pacl,
231                                       SMB_ACL_ENTRY_T *pentry);
232 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
233                                       SMB_ACL_ENTRY_T entry,
234                                       SMB_ACL_TAG_T tagtype);
235 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
236                                        SMB_ACL_ENTRY_T entry,
237                                        void *qual);
238 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
239                                      SMB_ACL_ENTRY_T entry,
240                                      SMB_ACL_PERMSET_T permset);
241 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
242                                SMB_ACL_T theacl );
243 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
244                                   const char *name, SMB_ACL_TYPE_T acltype,
245                                   SMB_ACL_T theacl);
246 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
247                                 int fd, SMB_ACL_T theacl);
248 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
249                                          const char *path);
250 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
251                                   SMB_ACL_PERMSET_T permset,
252                                   SMB_ACL_PERM_T perm);
253 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
254                                    char *text);
255 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
256                                   SMB_ACL_T posix_acl);
257 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
258                                         void *qualifier,
259                                         SMB_ACL_TAG_T tagtype);
260 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
261                               const char *path,
262                               const char *name, void *value, size_t size);
263 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
264                                const char *path, const char *name,
265                                void *value, size_t size);
266 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
267                                struct files_struct *fsp, int fd,
268                                const char *name, void *value, size_t size);
269 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
270                                const char *path, char *list, size_t size);
271 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
272                                 const char *path, char *list, size_t size);
273 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
274                                 struct files_struct *fsp, int fd, char *list,
275                                 size_t size);
276 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
277                              const char *path,
278                              const char *name);
279 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
280                               const char *path,
281                               const char *name);
282 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
283                               struct files_struct *fsp, int fd,
284                               const char *name);
285 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
286                           const char *path,
287                           const char *name, const void *value, size_t size,
288                           int flags);
289 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
290                            const char *path,
291                            const char *name, const void *value, size_t size,
292                            int flags);
293 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
294                            struct files_struct *fsp, int fd, const char *name,
295                            const void *value, size_t size, int flags);
296
297 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
298 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
299 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
300 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb);
301 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
302 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
303 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
304
305 /* VFS operations */
306
307 static vfs_op_tuple audit_op_tuples[] = {
308     
309         /* Disk operations */
310
311         {SMB_VFS_OP(smb_full_audit_connect),    SMB_VFS_OP_CONNECT,
312          SMB_VFS_LAYER_LOGGER},
313         {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
314          SMB_VFS_LAYER_LOGGER},
315         {SMB_VFS_OP(smb_full_audit_disk_free),  SMB_VFS_OP_DISK_FREE,
316          SMB_VFS_LAYER_LOGGER},
317         {SMB_VFS_OP(smb_full_audit_get_quota),  SMB_VFS_OP_GET_QUOTA,
318          SMB_VFS_LAYER_LOGGER},
319         {SMB_VFS_OP(smb_full_audit_set_quota),  SMB_VFS_OP_SET_QUOTA,
320          SMB_VFS_LAYER_LOGGER},
321         {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
322          SMB_VFS_LAYER_LOGGER},
323         {SMB_VFS_OP(smb_full_audit_statvfs),    SMB_VFS_OP_STATVFS,
324          SMB_VFS_LAYER_LOGGER},
325
326         /* Directory operations */
327
328         {SMB_VFS_OP(smb_full_audit_opendir),    SMB_VFS_OP_OPENDIR,
329          SMB_VFS_LAYER_LOGGER},
330         {SMB_VFS_OP(smb_full_audit_readdir),    SMB_VFS_OP_READDIR,
331          SMB_VFS_LAYER_LOGGER},
332         {SMB_VFS_OP(smb_full_audit_seekdir),    SMB_VFS_OP_SEEKDIR,
333          SMB_VFS_LAYER_LOGGER},
334         {SMB_VFS_OP(smb_full_audit_telldir),    SMB_VFS_OP_TELLDIR,
335          SMB_VFS_LAYER_LOGGER},
336         {SMB_VFS_OP(smb_full_audit_rewinddir),  SMB_VFS_OP_REWINDDIR,
337          SMB_VFS_LAYER_LOGGER},
338         {SMB_VFS_OP(smb_full_audit_mkdir),      SMB_VFS_OP_MKDIR,
339          SMB_VFS_LAYER_LOGGER},
340         {SMB_VFS_OP(smb_full_audit_rmdir),      SMB_VFS_OP_RMDIR,
341          SMB_VFS_LAYER_LOGGER},
342         {SMB_VFS_OP(smb_full_audit_closedir),   SMB_VFS_OP_CLOSEDIR,
343          SMB_VFS_LAYER_LOGGER},
344
345         /* File operations */
346
347         {SMB_VFS_OP(smb_full_audit_open),       SMB_VFS_OP_OPEN,
348          SMB_VFS_LAYER_LOGGER},
349         {SMB_VFS_OP(smb_full_audit_close),      SMB_VFS_OP_CLOSE,
350          SMB_VFS_LAYER_LOGGER},
351         {SMB_VFS_OP(smb_full_audit_read),       SMB_VFS_OP_READ,
352          SMB_VFS_LAYER_LOGGER},
353         {SMB_VFS_OP(smb_full_audit_pread),      SMB_VFS_OP_PREAD,
354          SMB_VFS_LAYER_LOGGER},
355         {SMB_VFS_OP(smb_full_audit_write),      SMB_VFS_OP_WRITE,
356          SMB_VFS_LAYER_LOGGER},
357         {SMB_VFS_OP(smb_full_audit_pwrite),     SMB_VFS_OP_PWRITE,
358          SMB_VFS_LAYER_LOGGER},
359         {SMB_VFS_OP(smb_full_audit_lseek),      SMB_VFS_OP_LSEEK,
360          SMB_VFS_LAYER_LOGGER},
361         {SMB_VFS_OP(smb_full_audit_sendfile),   SMB_VFS_OP_SENDFILE,
362          SMB_VFS_LAYER_LOGGER},
363         {SMB_VFS_OP(smb_full_audit_rename),     SMB_VFS_OP_RENAME,
364          SMB_VFS_LAYER_LOGGER},
365         {SMB_VFS_OP(smb_full_audit_fsync),      SMB_VFS_OP_FSYNC,
366          SMB_VFS_LAYER_LOGGER},
367         {SMB_VFS_OP(smb_full_audit_stat),       SMB_VFS_OP_STAT,
368          SMB_VFS_LAYER_LOGGER},
369         {SMB_VFS_OP(smb_full_audit_fstat),      SMB_VFS_OP_FSTAT,
370          SMB_VFS_LAYER_LOGGER},
371         {SMB_VFS_OP(smb_full_audit_lstat),      SMB_VFS_OP_LSTAT,
372          SMB_VFS_LAYER_LOGGER},
373         {SMB_VFS_OP(smb_full_audit_unlink),     SMB_VFS_OP_UNLINK,
374          SMB_VFS_LAYER_LOGGER},
375         {SMB_VFS_OP(smb_full_audit_chmod),      SMB_VFS_OP_CHMOD,
376          SMB_VFS_LAYER_LOGGER},
377         {SMB_VFS_OP(smb_full_audit_fchmod),     SMB_VFS_OP_FCHMOD,
378          SMB_VFS_LAYER_LOGGER},
379         {SMB_VFS_OP(smb_full_audit_chown),      SMB_VFS_OP_CHOWN,
380          SMB_VFS_LAYER_LOGGER},
381         {SMB_VFS_OP(smb_full_audit_fchown),     SMB_VFS_OP_FCHOWN,
382          SMB_VFS_LAYER_LOGGER},
383         {SMB_VFS_OP(smb_full_audit_chdir),      SMB_VFS_OP_CHDIR,
384          SMB_VFS_LAYER_LOGGER},
385         {SMB_VFS_OP(smb_full_audit_getwd),      SMB_VFS_OP_GETWD,
386          SMB_VFS_LAYER_LOGGER},
387         {SMB_VFS_OP(smb_full_audit_ntimes),     SMB_VFS_OP_NTIMES,
388          SMB_VFS_LAYER_LOGGER},
389         {SMB_VFS_OP(smb_full_audit_ftruncate),  SMB_VFS_OP_FTRUNCATE,
390          SMB_VFS_LAYER_LOGGER},
391         {SMB_VFS_OP(smb_full_audit_lock),       SMB_VFS_OP_LOCK,
392          SMB_VFS_LAYER_LOGGER},
393         {SMB_VFS_OP(smb_full_audit_kernel_flock),       SMB_VFS_OP_KERNEL_FLOCK,
394          SMB_VFS_LAYER_LOGGER},
395         {SMB_VFS_OP(smb_full_audit_linux_setlease),       SMB_VFS_OP_LINUX_SETLEASE,
396          SMB_VFS_LAYER_LOGGER},
397         {SMB_VFS_OP(smb_full_audit_getlock),    SMB_VFS_OP_GETLOCK,
398          SMB_VFS_LAYER_LOGGER},
399         {SMB_VFS_OP(smb_full_audit_symlink),    SMB_VFS_OP_SYMLINK,
400          SMB_VFS_LAYER_LOGGER},
401         {SMB_VFS_OP(smb_full_audit_readlink),   SMB_VFS_OP_READLINK,
402          SMB_VFS_LAYER_LOGGER},
403         {SMB_VFS_OP(smb_full_audit_link),       SMB_VFS_OP_LINK,
404          SMB_VFS_LAYER_LOGGER},
405         {SMB_VFS_OP(smb_full_audit_mknod),      SMB_VFS_OP_MKNOD,
406          SMB_VFS_LAYER_LOGGER},
407         {SMB_VFS_OP(smb_full_audit_realpath),   SMB_VFS_OP_REALPATH,
408          SMB_VFS_LAYER_LOGGER},
409         {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
410          SMB_VFS_LAYER_LOGGER},
411         {SMB_VFS_OP(smb_full_audit_chflags),    SMB_VFS_OP_CHFLAGS,
412          SMB_VFS_LAYER_LOGGER},
413
414         /* NT ACL operations. */
415
416         {SMB_VFS_OP(smb_full_audit_fget_nt_acl),        SMB_VFS_OP_FGET_NT_ACL,
417          SMB_VFS_LAYER_LOGGER},
418         {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
419          SMB_VFS_LAYER_LOGGER},
420         {SMB_VFS_OP(smb_full_audit_fset_nt_acl),        SMB_VFS_OP_FSET_NT_ACL,
421          SMB_VFS_LAYER_LOGGER},
422         {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
423          SMB_VFS_LAYER_LOGGER},
424
425         /* POSIX ACL operations. */
426
427         {SMB_VFS_OP(smb_full_audit_chmod_acl),  SMB_VFS_OP_CHMOD_ACL,
428          SMB_VFS_LAYER_LOGGER},
429         {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
430          SMB_VFS_LAYER_LOGGER},
431         {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry),  SMB_VFS_OP_SYS_ACL_GET_ENTRY,
432          SMB_VFS_LAYER_LOGGER},
433         {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type),       SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
434          SMB_VFS_LAYER_LOGGER},
435         {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset),        SMB_VFS_OP_SYS_ACL_GET_PERMSET,
436          SMB_VFS_LAYER_LOGGER},
437         {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier),      SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
438          SMB_VFS_LAYER_LOGGER},
439         {SMB_VFS_OP(smb_full_audit_sys_acl_get_file),   SMB_VFS_OP_SYS_ACL_GET_FILE,
440          SMB_VFS_LAYER_LOGGER},
441         {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd),     SMB_VFS_OP_SYS_ACL_GET_FD,
442          SMB_VFS_LAYER_LOGGER},
443         {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms),        SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
444          SMB_VFS_LAYER_LOGGER},
445         {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm),   SMB_VFS_OP_SYS_ACL_ADD_PERM,
446          SMB_VFS_LAYER_LOGGER},
447         {SMB_VFS_OP(smb_full_audit_sys_acl_to_text),    SMB_VFS_OP_SYS_ACL_TO_TEXT,
448          SMB_VFS_LAYER_LOGGER},
449         {SMB_VFS_OP(smb_full_audit_sys_acl_init),       SMB_VFS_OP_SYS_ACL_INIT,
450          SMB_VFS_LAYER_LOGGER},
451         {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry),       SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
452          SMB_VFS_LAYER_LOGGER},
453         {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type),       SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
454          SMB_VFS_LAYER_LOGGER},
455         {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier),      SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
456          SMB_VFS_LAYER_LOGGER},
457         {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset),        SMB_VFS_OP_SYS_ACL_SET_PERMSET,
458          SMB_VFS_LAYER_LOGGER},
459         {SMB_VFS_OP(smb_full_audit_sys_acl_valid),      SMB_VFS_OP_SYS_ACL_VALID,
460          SMB_VFS_LAYER_LOGGER},
461         {SMB_VFS_OP(smb_full_audit_sys_acl_set_file),   SMB_VFS_OP_SYS_ACL_SET_FILE,
462          SMB_VFS_LAYER_LOGGER},
463         {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd),     SMB_VFS_OP_SYS_ACL_SET_FD,
464          SMB_VFS_LAYER_LOGGER},
465         {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file),    SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
466          SMB_VFS_LAYER_LOGGER},
467         {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm),   SMB_VFS_OP_SYS_ACL_GET_PERM,
468          SMB_VFS_LAYER_LOGGER},
469         {SMB_VFS_OP(smb_full_audit_sys_acl_free_text),  SMB_VFS_OP_SYS_ACL_FREE_TEXT,
470          SMB_VFS_LAYER_LOGGER},
471         {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl),   SMB_VFS_OP_SYS_ACL_FREE_ACL,
472          SMB_VFS_LAYER_LOGGER},
473         {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier),     SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
474          SMB_VFS_LAYER_LOGGER},
475         
476         /* EA operations. */
477
478         {SMB_VFS_OP(smb_full_audit_getxattr),   SMB_VFS_OP_GETXATTR,
479          SMB_VFS_LAYER_LOGGER},
480         {SMB_VFS_OP(smb_full_audit_lgetxattr),  SMB_VFS_OP_LGETXATTR,
481          SMB_VFS_LAYER_LOGGER},
482         {SMB_VFS_OP(smb_full_audit_fgetxattr),  SMB_VFS_OP_FGETXATTR,
483          SMB_VFS_LAYER_LOGGER},
484         {SMB_VFS_OP(smb_full_audit_listxattr),  SMB_VFS_OP_LISTXATTR,
485          SMB_VFS_LAYER_LOGGER},
486         {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
487          SMB_VFS_LAYER_LOGGER},
488         {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
489          SMB_VFS_LAYER_LOGGER},
490         {SMB_VFS_OP(smb_full_audit_removexattr),        SMB_VFS_OP_REMOVEXATTR,
491          SMB_VFS_LAYER_LOGGER},
492         {SMB_VFS_OP(smb_full_audit_lremovexattr),       SMB_VFS_OP_LREMOVEXATTR,
493          SMB_VFS_LAYER_LOGGER},
494         {SMB_VFS_OP(smb_full_audit_fremovexattr),       SMB_VFS_OP_FREMOVEXATTR,
495          SMB_VFS_LAYER_LOGGER},
496         {SMB_VFS_OP(smb_full_audit_setxattr),   SMB_VFS_OP_SETXATTR,
497          SMB_VFS_LAYER_LOGGER},
498         {SMB_VFS_OP(smb_full_audit_lsetxattr),  SMB_VFS_OP_LSETXATTR,
499          SMB_VFS_LAYER_LOGGER},
500         {SMB_VFS_OP(smb_full_audit_fsetxattr),  SMB_VFS_OP_FSETXATTR,
501          SMB_VFS_LAYER_LOGGER},
502         
503         {SMB_VFS_OP(smb_full_audit_aio_read),   SMB_VFS_OP_AIO_READ,
504          SMB_VFS_LAYER_LOGGER},
505         {SMB_VFS_OP(smb_full_audit_aio_write),  SMB_VFS_OP_AIO_WRITE,
506          SMB_VFS_LAYER_LOGGER},
507         {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
508          SMB_VFS_LAYER_LOGGER},
509         {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
510          SMB_VFS_LAYER_LOGGER},
511         {SMB_VFS_OP(smb_full_audit_aio_error),  SMB_VFS_OP_AIO_ERROR,
512          SMB_VFS_LAYER_LOGGER},
513         {SMB_VFS_OP(smb_full_audit_aio_fsync),  SMB_VFS_OP_AIO_FSYNC,
514          SMB_VFS_LAYER_LOGGER},
515         {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
516          SMB_VFS_LAYER_LOGGER},
517
518         /* Finish VFS operations definition */
519         
520         {SMB_VFS_OP(NULL),              SMB_VFS_OP_NOOP,
521          SMB_VFS_LAYER_NOOP}
522 };
523
524 /* The following array *must* be in the same order as defined in vfs.h */
525
526 static struct {
527         vfs_op_type type;
528         const char *name;
529 } vfs_op_names[] = {
530         { SMB_VFS_OP_CONNECT,   "connect" },
531         { SMB_VFS_OP_DISCONNECT,        "disconnect" },
532         { SMB_VFS_OP_DISK_FREE, "disk_free" },
533         { SMB_VFS_OP_GET_QUOTA, "get_quota" },
534         { SMB_VFS_OP_SET_QUOTA, "set_quota" },
535         { SMB_VFS_OP_GET_SHADOW_COPY_DATA,      "get_shadow_copy_data" },
536         { SMB_VFS_OP_STATVFS,   "statvfs" },
537         { SMB_VFS_OP_OPENDIR,   "opendir" },
538         { SMB_VFS_OP_READDIR,   "readdir" },
539         { SMB_VFS_OP_SEEKDIR,   "seekdir" },
540         { SMB_VFS_OP_TELLDIR,   "telldir" },
541         { SMB_VFS_OP_REWINDDIR, "rewinddir" },
542         { SMB_VFS_OP_MKDIR,     "mkdir" },
543         { SMB_VFS_OP_RMDIR,     "rmdir" },
544         { SMB_VFS_OP_CLOSEDIR,  "closedir" },
545         { SMB_VFS_OP_OPEN,      "open" },
546         { SMB_VFS_OP_CLOSE,     "close" },
547         { SMB_VFS_OP_READ,      "read" },
548         { SMB_VFS_OP_PREAD,     "pread" },
549         { SMB_VFS_OP_WRITE,     "write" },
550         { SMB_VFS_OP_PWRITE,    "pwrite" },
551         { SMB_VFS_OP_LSEEK,     "lseek" },
552         { SMB_VFS_OP_SENDFILE,  "sendfile" },
553         { SMB_VFS_OP_RENAME,    "rename" },
554         { SMB_VFS_OP_FSYNC,     "fsync" },
555         { SMB_VFS_OP_STAT,      "stat" },
556         { SMB_VFS_OP_FSTAT,     "fstat" },
557         { SMB_VFS_OP_LSTAT,     "lstat" },
558         { SMB_VFS_OP_UNLINK,    "unlink" },
559         { SMB_VFS_OP_CHMOD,     "chmod" },
560         { SMB_VFS_OP_FCHMOD,    "fchmod" },
561         { SMB_VFS_OP_CHOWN,     "chown" },
562         { SMB_VFS_OP_FCHOWN,    "fchown" },
563         { SMB_VFS_OP_CHDIR,     "chdir" },
564         { SMB_VFS_OP_GETWD,     "getwd" },
565         { SMB_VFS_OP_NTIMES,    "ntimes" },
566         { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
567         { SMB_VFS_OP_LOCK,      "lock" },
568         { SMB_VFS_OP_KERNEL_FLOCK,      "kernel_flock" },
569         { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
570         { SMB_VFS_OP_GETLOCK,   "getlock" },
571         { SMB_VFS_OP_SYMLINK,   "symlink" },
572         { SMB_VFS_OP_READLINK,  "readlink" },
573         { SMB_VFS_OP_LINK,      "link" },
574         { SMB_VFS_OP_MKNOD,     "mknod" },
575         { SMB_VFS_OP_REALPATH,  "realpath" },
576         { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
577         { SMB_VFS_OP_CHFLAGS,   "chflags" },
578         { SMB_VFS_OP_FGET_NT_ACL,       "fget_nt_acl" },
579         { SMB_VFS_OP_GET_NT_ACL,        "get_nt_acl" },
580         { SMB_VFS_OP_FSET_NT_ACL,       "fset_nt_acl" },
581         { SMB_VFS_OP_SET_NT_ACL,        "set_nt_acl" },
582         { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
583         { SMB_VFS_OP_FCHMOD_ACL,        "fchmod_acl" },
584         { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
585         { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,      "sys_acl_get_tag_type" },
586         { SMB_VFS_OP_SYS_ACL_GET_PERMSET,       "sys_acl_get_permset" },
587         { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,     "sys_acl_get_qualifier" },
588         { SMB_VFS_OP_SYS_ACL_GET_FILE,  "sys_acl_get_file" },
589         { SMB_VFS_OP_SYS_ACL_GET_FD,    "sys_acl_get_fd" },
590         { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,       "sys_acl_clear_perms" },
591         { SMB_VFS_OP_SYS_ACL_ADD_PERM,  "sys_acl_add_perm" },
592         { SMB_VFS_OP_SYS_ACL_TO_TEXT,   "sys_acl_to_text" },
593         { SMB_VFS_OP_SYS_ACL_INIT,      "sys_acl_init" },
594         { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,      "sys_acl_create_entry" },
595         { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,      "sys_acl_set_tag_type" },
596         { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,     "sys_acl_set_qualifier" },
597         { SMB_VFS_OP_SYS_ACL_SET_PERMSET,       "sys_acl_set_permset" },
598         { SMB_VFS_OP_SYS_ACL_VALID,     "sys_acl_valid" },
599         { SMB_VFS_OP_SYS_ACL_SET_FILE,  "sys_acl_set_file" },
600         { SMB_VFS_OP_SYS_ACL_SET_FD,    "sys_acl_set_fd" },
601         { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,   "sys_acl_delete_def_file" },
602         { SMB_VFS_OP_SYS_ACL_GET_PERM,  "sys_acl_get_perm" },
603         { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
604         { SMB_VFS_OP_SYS_ACL_FREE_ACL,  "sys_acl_free_acl" },
605         { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,    "sys_acl_free_qualifier" },
606         { SMB_VFS_OP_GETXATTR,  "getxattr" },
607         { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
608         { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
609         { SMB_VFS_OP_LISTXATTR, "listxattr" },
610         { SMB_VFS_OP_LLISTXATTR,        "llistxattr" },
611         { SMB_VFS_OP_FLISTXATTR,        "flistxattr" },
612         { SMB_VFS_OP_REMOVEXATTR,       "removexattr" },
613         { SMB_VFS_OP_LREMOVEXATTR,      "lremovexattr" },
614         { SMB_VFS_OP_FREMOVEXATTR,      "fremovexattr" },
615         { SMB_VFS_OP_SETXATTR,  "setxattr" },
616         { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
617         { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
618         { SMB_VFS_OP_AIO_READ,  "aio_read" },
619         { SMB_VFS_OP_AIO_WRITE, "aio_write" },
620         { SMB_VFS_OP_AIO_RETURN,"aio_return" },
621         { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
622         { SMB_VFS_OP_AIO_ERROR, "aio_error" },
623         { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
624         { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
625         { SMB_VFS_OP_LAST, NULL }
626 };      
627
628 static int audit_syslog_facility(vfs_handle_struct *handle)
629 {
630         static const struct enum_list enum_log_facilities[] = {
631                 { LOG_USER, "USER" },
632                 { LOG_LOCAL0, "LOCAL0" },
633                 { LOG_LOCAL1, "LOCAL1" },
634                 { LOG_LOCAL2, "LOCAL2" },
635                 { LOG_LOCAL3, "LOCAL3" },
636                 { LOG_LOCAL4, "LOCAL4" },
637                 { LOG_LOCAL5, "LOCAL5" },
638                 { LOG_LOCAL6, "LOCAL6" },
639                 { LOG_LOCAL7, "LOCAL7" }
640         };
641
642         int facility;
643
644         facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
645
646         return facility;
647 }
648
649 static int audit_syslog_priority(vfs_handle_struct *handle)
650 {
651         static const struct enum_list enum_log_priorities[] = {
652                 { LOG_EMERG, "EMERG" },
653                 { LOG_ALERT, "ALERT" },
654                 { LOG_CRIT, "CRIT" },
655                 { LOG_ERR, "ERR" },
656                 { LOG_WARNING, "WARNING" },
657                 { LOG_NOTICE, "NOTICE" },
658                 { LOG_INFO, "INFO" },
659                 { LOG_DEBUG, "DEBUG" }
660         };
661
662         int priority;
663
664         priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority", enum_log_priorities, LOG_NOTICE);
665
666         return priority;
667 }
668
669 static char *audit_prefix(connection_struct *conn)
670 {
671         static pstring prefix;
672
673         pstrcpy(prefix, lp_parm_const_string(SNUM(conn), "full_audit",
674                                              "prefix", "%u|%I"));
675         standard_sub_advanced(lp_servicename(SNUM(conn)), conn->user,
676                               conn->connectpath, conn->gid,
677                               get_current_username(),
678                               current_user_info.domain,
679                               prefix, sizeof(prefix));
680         return prefix;
681 }
682
683 static BOOL log_success(vfs_handle_struct *handle, vfs_op_type op)
684 {
685         struct vfs_full_audit_private_data *pd = NULL;
686
687         SMB_VFS_HANDLE_GET_DATA(handle, pd,
688                 struct vfs_full_audit_private_data,
689                 return True);
690
691         if (pd->success_ops == NULL) {
692                 return True;
693         }
694
695         return bitmap_query(pd->success_ops, op);
696 }
697
698 static BOOL log_failure(vfs_handle_struct *handle, vfs_op_type op)
699 {
700         struct vfs_full_audit_private_data *pd = NULL;
701
702         SMB_VFS_HANDLE_GET_DATA(handle, pd,
703                 struct vfs_full_audit_private_data,
704                 return True);
705
706         if (pd->failure_ops == NULL)
707                 return True;
708
709         return bitmap_query(pd->failure_ops, op);
710 }
711
712 static void init_bitmap(struct bitmap **bm, const char **ops)
713 {
714         BOOL log_all = False;
715
716         if (*bm != NULL)
717                 return;
718
719         *bm = bitmap_allocate(SMB_VFS_OP_LAST);
720
721         if (*bm == NULL) {
722                 DEBUG(0, ("Could not alloc bitmap -- "
723                           "defaulting to logging everything\n"));
724                 return;
725         }
726
727         while (*ops != NULL) {
728                 int i;
729                 BOOL found = False;
730
731                 if (strequal(*ops, "all")) {
732                         log_all = True;
733                         break;
734                 }
735
736                 if (strequal(*ops, "none")) {
737                         break;
738                 }
739
740                 for (i=0; i<SMB_VFS_OP_LAST; i++) {
741                         if (vfs_op_names[i].name == NULL) {
742                                 smb_panic("vfs_full_audit.c: name table not "
743                                           "in sync with vfs.h\n");
744                         }
745
746                         if (strequal(*ops, vfs_op_names[i].name)) {
747                                 bitmap_set(*bm, i);
748                                 found = True;
749                         }
750                 }
751                 if (!found) {
752                         DEBUG(0, ("Could not find opname %s, logging all\n",
753                                   *ops));
754                         log_all = True;
755                         break;
756                 }
757                 ops += 1;
758         }
759
760         if (log_all) {
761                 /* The query functions default to True */
762                 bitmap_free(*bm);
763                 *bm = NULL;
764         }
765 }
766
767 static const char *audit_opname(vfs_op_type op)
768 {
769         if (op >= SMB_VFS_OP_LAST)
770                 return "INVALID VFS OP";
771         return vfs_op_names[op].name;
772 }
773
774 static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
775                    const char *format, ...)
776 {
777         fstring err_msg;
778         pstring op_msg;
779         va_list ap;
780
781         if (success && (!log_success(handle, op)))
782                 return;
783
784         if (!success && (!log_failure(handle, op)))
785                 return;
786
787         if (success)
788                 fstrcpy(err_msg, "ok");
789         else
790                 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
791
792         va_start(ap, format);
793         vsnprintf(op_msg, sizeof(op_msg), format, ap);
794         va_end(ap);
795
796         syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
797                audit_prefix(handle->conn), audit_opname(op), err_msg, op_msg);
798
799         return;
800 }
801
802 /* Free function for the private data. */
803
804 static void free_private_data(void **p_data)
805 {
806         struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
807
808         if (pd->success_ops) {
809                 bitmap_free(pd->success_ops);
810         }
811         if (pd->failure_ops) {
812                 bitmap_free(pd->failure_ops);
813         }
814         SAFE_FREE(pd);
815         *p_data = NULL;
816 }
817
818 /* Implementation of vfs_ops.  Pass everything on to the default
819    operation but log event first. */
820
821 static int smb_full_audit_connect(vfs_handle_struct *handle,
822                          const char *svc, const char *user)
823 {
824         int result;
825         struct vfs_full_audit_private_data *pd = NULL;
826         const char *none[] = { NULL };
827         const char *all [] = { "all" };
828
829         if (!handle) {
830                 return -1;
831         }
832
833         pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
834         if (!pd) {
835                 return -1;
836         }
837         ZERO_STRUCTP(pd);
838
839         openlog("smbd_audit", 0, audit_syslog_facility(handle));
840
841         init_bitmap(&pd->success_ops,
842                     lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
843                                         none));
844         init_bitmap(&pd->failure_ops,
845                     lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
846                                         all));
847
848         /* Store the private data. */
849         SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
850                                 struct vfs_full_audit_private_data, return -1);
851
852         result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
853
854         do_log(SMB_VFS_OP_CONNECT, True, handle,
855                "%s", svc);
856
857         return result;
858 }
859
860 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
861 {
862         SMB_VFS_NEXT_DISCONNECT(handle);
863
864         do_log(SMB_VFS_OP_DISCONNECT, True, handle,
865                "%s", lp_servicename(SNUM(handle->conn)));
866
867         /* The bitmaps will be disconnected when the private
868            data is deleted. */
869
870         return;
871 }
872
873 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
874                                     const char *path,
875                                     BOOL small_query, SMB_BIG_UINT *bsize, 
876                                     SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
877 {
878         SMB_BIG_UINT result;
879
880         result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
881                                         dfree, dsize);
882
883         /* Don't have a reasonable notion of failure here */
884
885         do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
886
887         return result;
888 }
889
890 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
891                            enum SMB_QUOTA_TYPE qtype, unid_t id,
892                            SMB_DISK_QUOTA *qt)
893 {
894         int result;
895
896         result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
897
898         do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
899
900         return result;
901 }
902
903         
904 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
905                            enum SMB_QUOTA_TYPE qtype, unid_t id,
906                            SMB_DISK_QUOTA *qt)
907 {
908         int result;
909
910         result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
911
912         do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
913
914         return result;
915 }
916
917 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
918                                 struct files_struct *fsp,
919                                 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels)
920 {
921         int result;
922
923         result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
924
925         do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
926
927         return result;
928 }
929
930 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
931                                 const char *path,
932                                 struct vfs_statvfs_struct *statbuf)
933 {
934         int result;
935
936         result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
937
938         do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
939
940         return result;
941 }
942
943 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
944                           const char *fname, const char *mask, uint32 attr)
945 {
946         SMB_STRUCT_DIR *result;
947
948         result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
949
950         do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
951
952         return result;
953 }
954
955 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
956                                     SMB_STRUCT_DIR *dirp)
957 {
958         SMB_STRUCT_DIRENT *result;
959
960         result = SMB_VFS_NEXT_READDIR(handle, dirp);
961
962         /* This operation has no reasonable error condition
963          * (End of dir is also failure), so always succeed.
964          */
965         do_log(SMB_VFS_OP_READDIR, True, handle, "");
966
967         return result;
968 }
969
970 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
971                         SMB_STRUCT_DIR *dirp, long offset)
972 {
973         SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
974
975         do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
976         return;
977 }
978
979 static long smb_full_audit_telldir(vfs_handle_struct *handle,
980                         SMB_STRUCT_DIR *dirp)
981 {
982         long result;
983
984         result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
985
986         do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
987
988         return result;
989 }
990
991 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
992                         SMB_STRUCT_DIR *dirp)
993 {
994         SMB_VFS_NEXT_REWINDDIR(handle, dirp);
995
996         do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
997         return;
998 }
999
1000 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1001                        const char *path, mode_t mode)
1002 {
1003         int result;
1004         
1005         result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1006         
1007         do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1008
1009         return result;
1010 }
1011
1012 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1013                        const char *path)
1014 {
1015         int result;
1016         
1017         result = SMB_VFS_NEXT_RMDIR(handle, path);
1018
1019         do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1020
1021         return result;
1022 }
1023
1024 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1025                           SMB_STRUCT_DIR *dirp)
1026 {
1027         int result;
1028
1029         result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1030         
1031         do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1032
1033         return result;
1034 }
1035
1036 static int smb_full_audit_open(vfs_handle_struct *handle,
1037                       const char *fname, files_struct *fsp, int flags, mode_t mode)
1038 {
1039         int result;
1040         
1041         result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1042
1043         do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1044                ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1045                fname);
1046
1047         return result;
1048 }
1049
1050 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
1051 {
1052         int result;
1053         
1054         result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
1055
1056         do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1057
1058         return result;
1059 }
1060
1061 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1062                           int fd, void *data, size_t n)
1063 {
1064         ssize_t result;
1065
1066         result = SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
1067
1068         do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1069
1070         return result;
1071 }
1072
1073 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1074                            int fd, void *data, size_t n, SMB_OFF_T offset)
1075 {
1076         ssize_t result;
1077
1078         result = SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, offset);
1079
1080         do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1081
1082         return result;
1083 }
1084
1085 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1086                            int fd, const void *data, size_t n)
1087 {
1088         ssize_t result;
1089
1090         result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
1091
1092         do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1093
1094         return result;
1095 }
1096
1097 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1098                             int fd, const void *data, size_t n,
1099                             SMB_OFF_T offset)
1100 {
1101         ssize_t result;
1102
1103         result = SMB_VFS_NEXT_PWRITE(handle, fsp, fd, data, n, offset);
1104
1105         do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1106
1107         return result;
1108 }
1109
1110 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1111                              int filedes, SMB_OFF_T offset, int whence)
1112 {
1113         ssize_t result;
1114
1115         result = SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
1116
1117         do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1118                "%s", fsp->fsp_name);
1119
1120         return result;
1121 }
1122
1123 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1124                               files_struct *fsp, int fromfd,
1125                               const DATA_BLOB *hdr, SMB_OFF_T offset,
1126                               size_t n)
1127 {
1128         ssize_t result;
1129
1130         result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
1131                                        offset, n);
1132
1133         do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1134                "%s", fsp->fsp_name);
1135
1136         return result;
1137 }
1138
1139 static int smb_full_audit_rename(vfs_handle_struct *handle,
1140                         const char *oldname, const char *newname)
1141 {
1142         int result;
1143         
1144         result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1145
1146         do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1147
1148         return result;    
1149 }
1150
1151 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
1152 {
1153         int result;
1154         
1155         result = SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
1156
1157         do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1158
1159         return result;    
1160 }
1161
1162 static int smb_full_audit_stat(vfs_handle_struct *handle,
1163                       const char *fname, SMB_STRUCT_STAT *sbuf)
1164 {
1165         int result;
1166         
1167         result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1168
1169         do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1170
1171         return result;    
1172 }
1173
1174 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
1175                        SMB_STRUCT_STAT *sbuf)
1176 {
1177         int result;
1178         
1179         result = SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
1180
1181         do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1182
1183         return result;
1184 }
1185
1186 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1187                        const char *path, SMB_STRUCT_STAT *sbuf)
1188 {
1189         int result;
1190         
1191         result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1192
1193         do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1194
1195         return result;    
1196 }
1197
1198 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1199                         const char *path)
1200 {
1201         int result;
1202         
1203         result = SMB_VFS_NEXT_UNLINK(handle, path);
1204
1205         do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1206
1207         return result;
1208 }
1209
1210 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1211                        const char *path, mode_t mode)
1212 {
1213         int result;
1214
1215         result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1216
1217         do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1218
1219         return result;
1220 }
1221
1222 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
1223                         mode_t mode)
1224 {
1225         int result;
1226         
1227         result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
1228
1229         do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1230                "%s|%o", fsp->fsp_name, mode);
1231
1232         return result;
1233 }
1234
1235 static int smb_full_audit_chown(vfs_handle_struct *handle,
1236                        const char *path, uid_t uid, gid_t gid)
1237 {
1238         int result;
1239
1240         result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1241
1242         do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1243                path, (long int)uid, (long int)gid);
1244
1245         return result;
1246 }
1247
1248 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
1249                         uid_t uid, gid_t gid)
1250 {
1251         int result;
1252
1253         result = SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
1254
1255         do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1256                fsp->fsp_name, (long int)uid, (long int)gid);
1257
1258         return result;
1259 }
1260
1261 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1262                        const char *path)
1263 {
1264         int result;
1265
1266         result = SMB_VFS_NEXT_CHDIR(handle, path);
1267
1268         do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1269
1270         return result;
1271 }
1272
1273 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1274                          char *path)
1275 {
1276         char *result;
1277
1278         result = SMB_VFS_NEXT_GETWD(handle, path);
1279         
1280         do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1281
1282         return result;
1283 }
1284
1285 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1286                        const char *path, const struct timespec ts[2])
1287 {
1288         int result;
1289
1290         result = SMB_VFS_NEXT_NTIMES(handle, path, ts);
1291
1292         do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1293
1294         return result;
1295 }
1296
1297 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1298                            int fd, SMB_OFF_T len)
1299 {
1300         int result;
1301
1302         result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, len);
1303
1304         do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1305                "%s", fsp->fsp_name);
1306
1307         return result;
1308 }
1309
1310 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1311                        int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1312 {
1313         BOOL result;
1314
1315         result = SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
1316
1317         do_log(SMB_VFS_OP_LOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1318
1319         return result;
1320 }
1321
1322 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1323                                        struct files_struct *fsp, int fd,
1324                                        uint32 share_mode)
1325 {
1326         int result;
1327
1328         result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, fd, share_mode);
1329
1330         do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1331                fsp->fsp_name);
1332
1333         return result;
1334 }
1335
1336 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1337                                  int fd, int leasetype)
1338 {
1339         int result;
1340
1341         result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, fd, leasetype);
1342
1343         do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1344                fsp->fsp_name);
1345
1346         return result;
1347 }
1348
1349 static BOOL smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1350                        SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1351 {
1352         BOOL result;
1353
1354         result = SMB_VFS_NEXT_GETLOCK(handle, fsp, fd, poffset, pcount, ptype, ppid);
1355
1356         do_log(SMB_VFS_OP_GETLOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1357
1358         return result;
1359 }
1360
1361 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1362                          const char *oldpath, const char *newpath)
1363 {
1364         int result;
1365
1366         result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1367
1368         do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1369                "%s|%s", oldpath, newpath);
1370
1371         return result;
1372 }
1373
1374 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1375                           const char *path, char *buf, size_t bufsiz)
1376 {
1377         int result;
1378
1379         result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1380
1381         do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1382
1383         return result;
1384 }
1385
1386 static int smb_full_audit_link(vfs_handle_struct *handle,
1387                       const char *oldpath, const char *newpath)
1388 {
1389         int result;
1390
1391         result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1392
1393         do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1394                "%s|%s", oldpath, newpath);
1395
1396         return result;
1397 }
1398
1399 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1400                        const char *pathname, mode_t mode, SMB_DEV_T dev)
1401 {
1402         int result;
1403
1404         result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1405
1406         do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1407
1408         return result;
1409 }
1410
1411 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1412                             const char *path, char *resolved_path)
1413 {
1414         char *result;
1415
1416         result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1417
1418         do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1419
1420         return result;
1421 }
1422
1423 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1424                         struct sys_notify_context *ctx,
1425                         struct notify_entry *e,
1426                         void (*callback)(struct sys_notify_context *ctx,
1427                                         void *private_data,
1428                                         struct notify_event *ev),
1429                         void *private_data, void *handle_p)
1430 {
1431         NTSTATUS result;
1432
1433         result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1434
1435         do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1436
1437         return result;
1438 }
1439
1440 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1441                             const char *path, uint flags)
1442 {
1443         int result;
1444
1445         result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1446
1447         do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1448
1449         return result;
1450 }
1451
1452 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1453                                 int fd, uint32 security_info,
1454                                 SEC_DESC **ppdesc)
1455 {
1456         size_t result;
1457
1458         result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
1459                                           ppdesc);
1460
1461         do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
1462                "%s", fsp->fsp_name);
1463
1464         return result;
1465 }
1466
1467 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1468                                const char *name, uint32 security_info,
1469                                SEC_DESC **ppdesc)
1470 {
1471         size_t result;
1472
1473         result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
1474                                          ppdesc);
1475
1476         do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
1477                "%s", fsp->fsp_name);
1478
1479         return result;
1480 }
1481
1482 static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1483                               int fd, uint32 security_info_sent,
1484                               SEC_DESC *psd)
1485 {
1486         BOOL result;
1487
1488         result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
1489                                           psd);
1490
1491         do_log(SMB_VFS_OP_FSET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1492
1493         return result;
1494 }
1495
1496 static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1497                              const char *name, uint32 security_info_sent,
1498                              SEC_DESC *psd)
1499 {
1500         BOOL result;
1501
1502         result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1503                                          psd);
1504
1505         do_log(SMB_VFS_OP_SET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1506
1507         return result;
1508 }
1509
1510 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1511                            const char *path, mode_t mode)
1512 {
1513         int result;
1514         
1515         result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1516
1517         do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1518                "%s|%o", path, mode);
1519
1520         return result;
1521 }
1522
1523 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1524                             int fd, mode_t mode)
1525 {
1526         int result;
1527         
1528         result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
1529
1530         do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1531                "%s|%o", fsp->fsp_name, mode);
1532
1533         return result;
1534 }
1535
1536 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1537
1538                                    SMB_ACL_T theacl, int entry_id,
1539                                    SMB_ACL_ENTRY_T *entry_p)
1540 {
1541         int result;
1542
1543         result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1544                                                 entry_p);
1545
1546         do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1547                "");
1548
1549         return result;
1550 }
1551
1552 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1553
1554                                       SMB_ACL_ENTRY_T entry_d,
1555                                       SMB_ACL_TAG_T *tag_type_p)
1556 {
1557         int result;
1558
1559         result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1560                                                    tag_type_p);
1561
1562         do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1563                "");
1564
1565         return result;
1566 }
1567
1568 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1569
1570                                      SMB_ACL_ENTRY_T entry_d,
1571                                      SMB_ACL_PERMSET_T *permset_p)
1572 {
1573         int result;
1574
1575         result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1576                                                   permset_p);
1577
1578         do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1579                "");
1580
1581         return result;
1582 }
1583
1584 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1585
1586                                           SMB_ACL_ENTRY_T entry_d)
1587 {
1588         void *result;
1589
1590         result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1591
1592         do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1593                "");
1594
1595         return result;
1596 }
1597
1598 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1599                                         const char *path_p,
1600                                         SMB_ACL_TYPE_T type)
1601 {
1602         SMB_ACL_T result;
1603
1604         result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1605
1606         do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1607                "%s", path_p);
1608
1609         return result;
1610 }
1611
1612 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1613                                       files_struct *fsp, int fd)
1614 {
1615         SMB_ACL_T result;
1616
1617         result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
1618
1619         do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1620                "%s", fsp->fsp_name);
1621
1622         return result;
1623 }
1624
1625 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1626
1627                                      SMB_ACL_PERMSET_T permset)
1628 {
1629         int result;
1630
1631         result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1632
1633         do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1634                "");
1635
1636         return result;
1637 }
1638
1639 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1640
1641                                   SMB_ACL_PERMSET_T permset,
1642                                   SMB_ACL_PERM_T perm)
1643 {
1644         int result;
1645
1646         result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1647
1648         do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1649                "");
1650
1651         return result;
1652 }
1653
1654 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1655                                     SMB_ACL_T theacl,
1656                                     ssize_t *plen)
1657 {
1658         char * result;
1659
1660         result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1661
1662         do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1663                "");
1664
1665         return result;
1666 }
1667
1668 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1669
1670                                     int count)
1671 {
1672         SMB_ACL_T result;
1673
1674         result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1675
1676         do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1677                "");
1678
1679         return result;
1680 }
1681
1682 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1683                                       SMB_ACL_T *pacl,
1684                                       SMB_ACL_ENTRY_T *pentry)
1685 {
1686         int result;
1687
1688         result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1689
1690         do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1691                "");
1692
1693         return result;
1694 }
1695
1696 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1697
1698                                       SMB_ACL_ENTRY_T entry,
1699                                       SMB_ACL_TAG_T tagtype)
1700 {
1701         int result;
1702
1703         result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1704                                                    tagtype);
1705
1706         do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1707                "");
1708
1709         return result;
1710 }
1711
1712 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1713
1714                                        SMB_ACL_ENTRY_T entry,
1715                                        void *qual)
1716 {
1717         int result;
1718
1719         result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1720
1721         do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1722                "");
1723
1724         return result;
1725 }
1726
1727 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1728
1729                                      SMB_ACL_ENTRY_T entry,
1730                                      SMB_ACL_PERMSET_T permset)
1731 {
1732         int result;
1733
1734         result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1735
1736         do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1737                "");
1738
1739         return result;
1740 }
1741
1742 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1743
1744                                SMB_ACL_T theacl )
1745 {
1746         int result;
1747
1748         result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1749
1750         do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1751                "");
1752
1753         return result;
1754 }
1755
1756 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1757
1758                                   const char *name, SMB_ACL_TYPE_T acltype,
1759                                   SMB_ACL_T theacl)
1760 {
1761         int result;
1762
1763         result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1764                                                theacl);
1765
1766         do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1767                "%s", name);
1768
1769         return result;
1770 }
1771
1772 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1773                                 int fd, SMB_ACL_T theacl)
1774 {
1775         int result;
1776
1777         result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
1778
1779         do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1780                "%s", fsp->fsp_name);
1781
1782         return result;
1783 }
1784
1785 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1786
1787                                          const char *path)
1788 {
1789         int result;
1790
1791         result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1792
1793         do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1794                "%s", path);
1795
1796         return result;
1797 }
1798
1799 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1800
1801                                   SMB_ACL_PERMSET_T permset,
1802                                   SMB_ACL_PERM_T perm)
1803 {
1804         int result;
1805
1806         result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
1807
1808         do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1809                "");
1810
1811         return result;
1812 }
1813
1814 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1815
1816                                    char *text)
1817 {
1818         int result;
1819
1820         result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
1821
1822         do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1823                "");
1824
1825         return result;
1826 }
1827
1828 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1829
1830                                   SMB_ACL_T posix_acl)
1831 {
1832         int result;
1833
1834         result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
1835
1836         do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1837                "");
1838
1839         return result;
1840 }
1841
1842 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1843                                         void *qualifier,
1844                                         SMB_ACL_TAG_T tagtype)
1845 {
1846         int result;
1847
1848         result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
1849                                                      tagtype);
1850
1851         do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1852                "");
1853
1854         return result;
1855 }
1856
1857 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1858                               const char *path,
1859                               const char *name, void *value, size_t size)
1860 {
1861         ssize_t result;
1862
1863         result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1864
1865         do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1866                "%s|%s", path, name);
1867
1868         return result;
1869 }
1870
1871 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1872                                const char *path, const char *name,
1873                                void *value, size_t size)
1874 {
1875         ssize_t result;
1876
1877         result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
1878
1879         do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1880                "%s|%s", path, name);
1881
1882         return result;
1883 }
1884
1885 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1886                                struct files_struct *fsp, int fd,
1887                                const char *name, void *value, size_t size)
1888 {
1889         ssize_t result;
1890
1891         result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
1892
1893         do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1894                "%s|%s", fsp->fsp_name, name);
1895
1896         return result;
1897 }
1898
1899 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1900                                const char *path, char *list, size_t size)
1901 {
1902         ssize_t result;
1903
1904         result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1905
1906         do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1907
1908         return result;
1909 }
1910
1911 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1912                                 const char *path, char *list, size_t size)
1913 {
1914         ssize_t result;
1915
1916         result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
1917
1918         do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1919
1920         return result;
1921 }
1922
1923 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1924                                 struct files_struct *fsp, int fd, char *list,
1925                                 size_t size)
1926 {
1927         ssize_t result;
1928
1929         result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
1930
1931         do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1932                "%s", fsp->fsp_name);
1933
1934         return result;
1935 }
1936
1937 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1938                              const char *path,
1939                              const char *name)
1940 {
1941         int result;
1942
1943         result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
1944
1945         do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1946                "%s|%s", path, name);
1947
1948         return result;
1949 }
1950
1951 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
1952                               const char *path,
1953                               const char *name)
1954 {
1955         int result;
1956
1957         result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
1958
1959         do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
1960                "%s|%s", path, name);
1961
1962         return result;
1963 }
1964
1965 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
1966                               struct files_struct *fsp, int fd,
1967                               const char *name)
1968 {
1969         int result;
1970
1971         result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
1972
1973         do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1974                "%s|%s", fsp->fsp_name, name);
1975
1976         return result;
1977 }
1978
1979 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
1980                           const char *path,
1981                           const char *name, const void *value, size_t size,
1982                           int flags)
1983 {
1984         int result;
1985
1986         result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
1987                                        flags);
1988
1989         do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
1990                "%s|%s", path, name);
1991
1992         return result;
1993 }
1994
1995 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
1996                            const char *path,
1997                            const char *name, const void *value, size_t size,
1998                            int flags)
1999 {
2000         int result;
2001
2002         result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2003                                         flags);
2004
2005         do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2006                "%s|%s", path, name);
2007
2008         return result;
2009 }
2010
2011 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2012                            struct files_struct *fsp, int fd, const char *name,
2013                            const void *value, size_t size, int flags)
2014 {
2015         int result;
2016
2017         result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size,
2018                                         flags);
2019
2020         do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2021                "%s|%s", fsp->fsp_name, name);
2022
2023         return result;
2024 }
2025
2026 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2027 {
2028         int result;
2029
2030         result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2031         do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2032                 "%s", fsp->fsp_name);
2033
2034         return result;
2035 }
2036
2037 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2038 {
2039         int result;
2040
2041         result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2042         do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2043                 "%s", fsp->fsp_name);
2044
2045         return result;
2046 }
2047
2048 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2049 {
2050         int result;
2051
2052         result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2053         do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2054                 "%s", fsp->fsp_name);
2055
2056         return result;
2057 }
2058
2059 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb)
2060 {
2061         int result;
2062
2063         result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, fd, aiocb);
2064         do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2065                 "%s", fsp->fsp_name);
2066
2067         return result;
2068 }
2069
2070 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2071 {
2072         int result;
2073
2074         result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2075         do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2076                 "%s", fsp->fsp_name);
2077
2078         return result;
2079 }
2080
2081 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2082 {
2083         int result;
2084
2085         result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2086         do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2087                 "%s", fsp->fsp_name);
2088
2089         return result;
2090 }
2091
2092 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2093 {
2094         int result;
2095
2096         result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2097         do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2098                 "%s", fsp->fsp_name);
2099
2100         return result;
2101 }
2102
2103
2104 NTSTATUS vfs_full_audit_init(void);
2105 NTSTATUS vfs_full_audit_init(void)
2106 {
2107         NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2108                                         "full_audit", audit_op_tuples);
2109         
2110         if (!NT_STATUS_IS_OK(ret))
2111                 return ret;
2112
2113         vfs_full_audit_debug_level = debug_add_class("full_audit");
2114         if (vfs_full_audit_debug_level == -1) {
2115                 vfs_full_audit_debug_level = DBGC_VFS;
2116                 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2117                           "class!\n"));
2118         } else {
2119                 DEBUG(10, ("vfs_full_audit: Debug class number of "
2120                            "'full_audit': %d\n", vfs_full_audit_debug_level));
2121         }
2122         
2123         return ret;
2124 }