2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
62 static int vfs_full_audit_debug_level = DBGC_VFS;
64 struct vfs_full_audit_private_data {
65 struct bitmap *success_ops;
66 struct bitmap *failure_ops;
70 #define DBGC_CLASS vfs_full_audit_debug_level
72 typedef enum _vfs_op_type {
77 SMB_VFS_OP_CONNECT = 0,
78 SMB_VFS_OP_DISCONNECT,
82 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
84 SMB_VFS_OP_FS_CAPABILITIES,
86 /* Directory operations */
96 SMB_VFS_OP_INIT_SEARCH_OP,
101 SMB_VFS_OP_CREATE_FILE,
115 SMB_VFS_OP_GET_ALLOC_SIZE,
125 SMB_VFS_OP_FTRUNCATE,
127 SMB_VFS_OP_KERNEL_FLOCK,
128 SMB_VFS_OP_LINUX_SETLEASE,
135 SMB_VFS_OP_NOTIFY_WATCH,
137 SMB_VFS_OP_FILE_ID_CREATE,
138 SMB_VFS_OP_STREAMINFO,
139 SMB_VFS_OP_GET_REAL_FILENAME,
140 SMB_VFS_OP_CONNECTPATH,
141 SMB_VFS_OP_BRL_LOCK_WINDOWS,
142 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
143 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
144 SMB_VFS_OP_STRICT_LOCK,
145 SMB_VFS_OP_STRICT_UNLOCK,
147 /* NT ACL operations. */
149 SMB_VFS_OP_FGET_NT_ACL,
150 SMB_VFS_OP_GET_NT_ACL,
151 SMB_VFS_OP_FSET_NT_ACL,
153 /* POSIX ACL operations. */
155 SMB_VFS_OP_CHMOD_ACL,
156 SMB_VFS_OP_FCHMOD_ACL,
158 SMB_VFS_OP_SYS_ACL_GET_ENTRY,
159 SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
160 SMB_VFS_OP_SYS_ACL_GET_PERMSET,
161 SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
162 SMB_VFS_OP_SYS_ACL_GET_FILE,
163 SMB_VFS_OP_SYS_ACL_GET_FD,
164 SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
165 SMB_VFS_OP_SYS_ACL_ADD_PERM,
166 SMB_VFS_OP_SYS_ACL_TO_TEXT,
167 SMB_VFS_OP_SYS_ACL_INIT,
168 SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
169 SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
170 SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
171 SMB_VFS_OP_SYS_ACL_SET_PERMSET,
172 SMB_VFS_OP_SYS_ACL_VALID,
173 SMB_VFS_OP_SYS_ACL_SET_FILE,
174 SMB_VFS_OP_SYS_ACL_SET_FD,
175 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
176 SMB_VFS_OP_SYS_ACL_GET_PERM,
177 SMB_VFS_OP_SYS_ACL_FREE_TEXT,
178 SMB_VFS_OP_SYS_ACL_FREE_ACL,
179 SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
183 SMB_VFS_OP_LGETXATTR,
184 SMB_VFS_OP_FGETXATTR,
185 SMB_VFS_OP_LISTXATTR,
186 SMB_VFS_OP_LLISTXATTR,
187 SMB_VFS_OP_FLISTXATTR,
188 SMB_VFS_OP_REMOVEXATTR,
189 SMB_VFS_OP_LREMOVEXATTR,
190 SMB_VFS_OP_FREMOVEXATTR,
192 SMB_VFS_OP_LSETXATTR,
193 SMB_VFS_OP_FSETXATTR,
197 SMB_VFS_OP_AIO_WRITE,
198 SMB_VFS_OP_AIO_RETURN,
199 SMB_VFS_OP_AIO_CANCEL,
200 SMB_VFS_OP_AIO_ERROR,
201 SMB_VFS_OP_AIO_FSYNC,
202 SMB_VFS_OP_AIO_SUSPEND,
203 SMB_VFS_OP_AIO_FORCE,
205 /* offline operations */
206 SMB_VFS_OP_IS_OFFLINE,
207 SMB_VFS_OP_SET_OFFLINE,
209 /* This should always be last enum value */
214 /* The following array *must* be in the same order as defined in vfs.h */
220 { SMB_VFS_OP_CONNECT, "connect" },
221 { SMB_VFS_OP_DISCONNECT, "disconnect" },
222 { SMB_VFS_OP_DISK_FREE, "disk_free" },
223 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
224 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
225 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
226 { SMB_VFS_OP_STATVFS, "statvfs" },
227 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
228 { SMB_VFS_OP_OPENDIR, "opendir" },
229 { SMB_VFS_OP_READDIR, "readdir" },
230 { SMB_VFS_OP_SEEKDIR, "seekdir" },
231 { SMB_VFS_OP_TELLDIR, "telldir" },
232 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
233 { SMB_VFS_OP_MKDIR, "mkdir" },
234 { SMB_VFS_OP_RMDIR, "rmdir" },
235 { SMB_VFS_OP_CLOSEDIR, "closedir" },
236 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
237 { SMB_VFS_OP_OPEN, "open" },
238 { SMB_VFS_OP_CREATE_FILE, "create_file" },
239 { SMB_VFS_OP_CLOSE, "close" },
240 { SMB_VFS_OP_READ, "read" },
241 { SMB_VFS_OP_PREAD, "pread" },
242 { SMB_VFS_OP_WRITE, "write" },
243 { SMB_VFS_OP_PWRITE, "pwrite" },
244 { SMB_VFS_OP_LSEEK, "lseek" },
245 { SMB_VFS_OP_SENDFILE, "sendfile" },
246 { SMB_VFS_OP_RECVFILE, "recvfile" },
247 { SMB_VFS_OP_RENAME, "rename" },
248 { SMB_VFS_OP_FSYNC, "fsync" },
249 { SMB_VFS_OP_STAT, "stat" },
250 { SMB_VFS_OP_FSTAT, "fstat" },
251 { SMB_VFS_OP_LSTAT, "lstat" },
252 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
253 { SMB_VFS_OP_UNLINK, "unlink" },
254 { SMB_VFS_OP_CHMOD, "chmod" },
255 { SMB_VFS_OP_FCHMOD, "fchmod" },
256 { SMB_VFS_OP_CHOWN, "chown" },
257 { SMB_VFS_OP_FCHOWN, "fchown" },
258 { SMB_VFS_OP_LCHOWN, "lchown" },
259 { SMB_VFS_OP_CHDIR, "chdir" },
260 { SMB_VFS_OP_GETWD, "getwd" },
261 { SMB_VFS_OP_NTIMES, "ntimes" },
262 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
263 { SMB_VFS_OP_LOCK, "lock" },
264 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
265 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
266 { SMB_VFS_OP_GETLOCK, "getlock" },
267 { SMB_VFS_OP_SYMLINK, "symlink" },
268 { SMB_VFS_OP_READLINK, "readlink" },
269 { SMB_VFS_OP_LINK, "link" },
270 { SMB_VFS_OP_MKNOD, "mknod" },
271 { SMB_VFS_OP_REALPATH, "realpath" },
272 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
273 { SMB_VFS_OP_CHFLAGS, "chflags" },
274 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
275 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
276 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
277 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
278 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
279 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
280 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
281 { SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
282 { SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
283 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
284 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
285 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
286 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
287 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
288 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
289 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
290 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
291 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
292 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
293 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
294 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
295 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
296 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
297 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
298 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
299 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
300 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
301 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
302 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
303 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
304 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
305 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
306 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
307 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
308 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
309 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
310 { SMB_VFS_OP_GETXATTR, "getxattr" },
311 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
312 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
313 { SMB_VFS_OP_LISTXATTR, "listxattr" },
314 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
315 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
316 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
317 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
318 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
319 { SMB_VFS_OP_SETXATTR, "setxattr" },
320 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
321 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
322 { SMB_VFS_OP_AIO_READ, "aio_read" },
323 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
324 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
325 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
326 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
327 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
328 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
329 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
330 { SMB_VFS_OP_IS_OFFLINE, "aio_is_offline" },
331 { SMB_VFS_OP_SET_OFFLINE, "aio_set_offline" },
332 { SMB_VFS_OP_LAST, NULL }
335 static int audit_syslog_facility(vfs_handle_struct *handle)
337 static const struct enum_list enum_log_facilities[] = {
338 { LOG_USER, "USER" },
339 { LOG_LOCAL0, "LOCAL0" },
340 { LOG_LOCAL1, "LOCAL1" },
341 { LOG_LOCAL2, "LOCAL2" },
342 { LOG_LOCAL3, "LOCAL3" },
343 { LOG_LOCAL4, "LOCAL4" },
344 { LOG_LOCAL5, "LOCAL5" },
345 { LOG_LOCAL6, "LOCAL6" },
346 { LOG_LOCAL7, "LOCAL7" }
351 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
356 static int audit_syslog_priority(vfs_handle_struct *handle)
358 static const struct enum_list enum_log_priorities[] = {
359 { LOG_EMERG, "EMERG" },
360 { LOG_ALERT, "ALERT" },
361 { LOG_CRIT, "CRIT" },
363 { LOG_WARNING, "WARNING" },
364 { LOG_NOTICE, "NOTICE" },
365 { LOG_INFO, "INFO" },
366 { LOG_DEBUG, "DEBUG" }
371 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
372 enum_log_priorities, LOG_NOTICE);
373 if (priority == -1) {
374 priority = LOG_WARNING;
380 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
385 prefix = talloc_strdup(ctx,
386 lp_parm_const_string(SNUM(conn), "full_audit",
391 result = talloc_sub_advanced(ctx,
392 lp_servicename(SNUM(conn)),
393 conn->server_info->unix_name,
395 conn->server_info->utok.gid,
396 conn->server_info->sanitized_username,
397 pdb_get_domain(conn->server_info->sam_account),
403 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
405 struct vfs_full_audit_private_data *pd = NULL;
407 SMB_VFS_HANDLE_GET_DATA(handle, pd,
408 struct vfs_full_audit_private_data,
411 if (pd->success_ops == NULL) {
415 return bitmap_query(pd->success_ops, op);
418 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
420 struct vfs_full_audit_private_data *pd = NULL;
422 SMB_VFS_HANDLE_GET_DATA(handle, pd,
423 struct vfs_full_audit_private_data,
426 if (pd->failure_ops == NULL)
429 return bitmap_query(pd->failure_ops, op);
432 static void init_bitmap(struct bitmap **bm, const char **ops)
434 bool log_all = False;
439 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
442 DEBUG(0, ("Could not alloc bitmap -- "
443 "defaulting to logging everything\n"));
447 while (*ops != NULL) {
451 if (strequal(*ops, "all")) {
456 if (strequal(*ops, "none")) {
460 for (i=0; i<SMB_VFS_OP_LAST; i++) {
461 if (vfs_op_names[i].name == NULL) {
462 smb_panic("vfs_full_audit.c: name table not "
463 "in sync with vfs.h\n");
466 if (strequal(*ops, vfs_op_names[i].name)) {
472 DEBUG(0, ("Could not find opname %s, logging all\n",
481 /* The query functions default to True */
487 static const char *audit_opname(vfs_op_type op)
489 if (op >= SMB_VFS_OP_LAST)
490 return "INVALID VFS OP";
491 return vfs_op_names[op].name;
494 static TALLOC_CTX *tmp_do_log_ctx;
496 * Get us a temporary talloc context usable just for DEBUG arguments
498 static TALLOC_CTX *do_log_ctx(void)
500 if (tmp_do_log_ctx == NULL) {
501 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
503 return tmp_do_log_ctx;
506 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
507 const char *format, ...)
510 char *audit_pre = NULL;
515 if (success && (!log_success(handle, op)))
518 if (!success && (!log_failure(handle, op)))
522 fstrcpy(err_msg, "ok");
524 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
526 va_start(ap, format);
527 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
535 * Specify the facility to interoperate with other syslog callers
536 * (smbd for example).
538 priority = audit_syslog_priority(handle) |
539 audit_syslog_facility(handle);
541 audit_pre = audit_prefix(talloc_tos(), handle->conn);
542 syslog(priority, "%s|%s|%s|%s\n",
543 audit_pre ? audit_pre : "",
544 audit_opname(op), err_msg, op_msg);
547 TALLOC_FREE(audit_pre);
549 TALLOC_FREE(tmp_do_log_ctx);
555 * Return a string using the do_log_ctx()
557 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
562 if (smb_fname == NULL) {
565 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
566 if (!NT_STATUS_IS_OK(status)) {
573 * Return an fsp debug string using the do_log_ctx()
575 static const char *fsp_str_do_log(const struct files_struct *fsp)
577 return smb_fname_str_do_log(fsp->fsp_name);
580 /* Free function for the private data. */
582 static void free_private_data(void **p_data)
584 struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
586 if (pd->success_ops) {
587 bitmap_free(pd->success_ops);
589 if (pd->failure_ops) {
590 bitmap_free(pd->failure_ops);
596 /* Implementation of vfs_ops. Pass everything on to the default
597 operation but log event first. */
599 static int smb_full_audit_connect(vfs_handle_struct *handle,
600 const char *svc, const char *user)
603 struct vfs_full_audit_private_data *pd = NULL;
604 const char *none[] = { NULL };
605 const char *all [] = { "all" };
611 pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
618 openlog("smbd_audit", 0, audit_syslog_facility(handle));
621 init_bitmap(&pd->success_ops,
622 lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
624 init_bitmap(&pd->failure_ops,
625 lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
628 /* Store the private data. */
629 SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
630 struct vfs_full_audit_private_data, return -1);
632 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
634 do_log(SMB_VFS_OP_CONNECT, True, handle,
640 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
642 SMB_VFS_NEXT_DISCONNECT(handle);
644 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
645 "%s", lp_servicename(SNUM(handle->conn)));
647 /* The bitmaps will be disconnected when the private
653 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
655 bool small_query, uint64_t *bsize,
656 uint64_t *dfree, uint64_t *dsize)
660 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
663 /* Don't have a reasonable notion of failure here */
665 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
670 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
671 enum SMB_QUOTA_TYPE qtype, unid_t id,
676 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
678 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
684 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
685 enum SMB_QUOTA_TYPE qtype, unid_t id,
690 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
692 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
697 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
698 struct files_struct *fsp,
699 SHADOW_COPY_DATA *shadow_copy_data, bool labels)
703 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
705 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
710 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
712 struct vfs_statvfs_struct *statbuf)
716 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
718 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
723 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
727 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
729 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
734 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
735 const char *fname, const char *mask, uint32 attr)
737 SMB_STRUCT_DIR *result;
739 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
741 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
746 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
747 SMB_STRUCT_DIR *dirp, SMB_STRUCT_STAT *sbuf)
749 SMB_STRUCT_DIRENT *result;
751 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
753 /* This operation has no reasonable error condition
754 * (End of dir is also failure), so always succeed.
756 do_log(SMB_VFS_OP_READDIR, True, handle, "");
761 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
762 SMB_STRUCT_DIR *dirp, long offset)
764 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
766 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
770 static long smb_full_audit_telldir(vfs_handle_struct *handle,
771 SMB_STRUCT_DIR *dirp)
775 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
777 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
782 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
783 SMB_STRUCT_DIR *dirp)
785 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
787 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
791 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
792 const char *path, mode_t mode)
796 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
798 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
803 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
808 result = SMB_VFS_NEXT_RMDIR(handle, path);
810 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
815 static int smb_full_audit_closedir(vfs_handle_struct *handle,
816 SMB_STRUCT_DIR *dirp)
820 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
822 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
827 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
828 SMB_STRUCT_DIR *dirp)
830 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
832 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
836 static int smb_full_audit_open(vfs_handle_struct *handle,
837 struct smb_filename *smb_fname,
838 files_struct *fsp, int flags, mode_t mode)
842 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
844 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
845 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
846 smb_fname_str_do_log(smb_fname));
851 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
852 struct smb_request *req,
853 uint16_t root_dir_fid,
854 struct smb_filename *smb_fname,
855 uint32_t access_mask,
856 uint32_t share_access,
857 uint32_t create_disposition,
858 uint32_t create_options,
859 uint32_t file_attributes,
860 uint32_t oplock_request,
861 uint64_t allocation_size,
862 struct security_descriptor *sd,
863 struct ea_list *ea_list,
864 files_struct **result_fsp,
868 const char* str_create_disposition;
870 switch (create_disposition) {
872 str_create_disposition = "supersede";
874 case FILE_OVERWRITE_IF:
875 str_create_disposition = "overwrite_if";
878 str_create_disposition = "open";
881 str_create_disposition = "overwrite";
884 str_create_disposition = "create";
887 str_create_disposition = "open_if";
890 str_create_disposition = "unknown";
893 result = SMB_VFS_NEXT_CREATE_FILE(
896 root_dir_fid, /* root_dir_fid */
897 smb_fname, /* fname */
898 access_mask, /* access_mask */
899 share_access, /* share_access */
900 create_disposition, /* create_disposition*/
901 create_options, /* create_options */
902 file_attributes, /* file_attributes */
903 oplock_request, /* oplock_request */
904 allocation_size, /* allocation_size */
906 ea_list, /* ea_list */
907 result_fsp, /* result */
910 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
911 "0x%x|%s|%s|%s", access_mask,
912 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
913 str_create_disposition, smb_fname_str_do_log(smb_fname));
918 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
922 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
924 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
925 fsp_str_do_log(fsp));
930 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
931 void *data, size_t n)
935 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
937 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
938 fsp_str_do_log(fsp));
943 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
944 void *data, size_t n, SMB_OFF_T offset)
948 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
950 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
951 fsp_str_do_log(fsp));
956 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
957 const void *data, size_t n)
961 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
963 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
964 fsp_str_do_log(fsp));
969 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
970 const void *data, size_t n,
975 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
977 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
978 fsp_str_do_log(fsp));
983 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
984 SMB_OFF_T offset, int whence)
988 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
990 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
991 "%s", fsp_str_do_log(fsp));
996 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
997 files_struct *fromfsp,
998 const DATA_BLOB *hdr, SMB_OFF_T offset,
1003 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1005 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1006 "%s", fsp_str_do_log(fromfsp));
1011 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1012 files_struct *tofsp,
1018 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1020 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1021 "%s", fsp_str_do_log(tofsp));
1026 static int smb_full_audit_rename(vfs_handle_struct *handle,
1027 const struct smb_filename *smb_fname_src,
1028 const struct smb_filename *smb_fname_dst)
1032 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1034 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1035 smb_fname_str_do_log(smb_fname_src),
1036 smb_fname_str_do_log(smb_fname_dst));
1041 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1045 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1047 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1048 fsp_str_do_log(fsp));
1053 static int smb_full_audit_stat(vfs_handle_struct *handle,
1054 struct smb_filename *smb_fname)
1058 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1060 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1061 smb_fname_str_do_log(smb_fname));
1066 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1067 SMB_STRUCT_STAT *sbuf)
1071 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1073 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1074 fsp_str_do_log(fsp));
1079 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1080 struct smb_filename *smb_fname)
1084 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1086 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1087 smb_fname_str_do_log(smb_fname));
1092 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1093 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1097 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1099 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result >= 0), handle, "%d", result);
1104 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1105 const struct smb_filename *smb_fname)
1109 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1111 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1112 smb_fname_str_do_log(smb_fname));
1117 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1118 const char *path, mode_t mode)
1122 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1124 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1129 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1134 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1136 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1137 "%s|%o", fsp_str_do_log(fsp), mode);
1142 static int smb_full_audit_chown(vfs_handle_struct *handle,
1143 const char *path, uid_t uid, gid_t gid)
1147 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1149 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1150 path, (long int)uid, (long int)gid);
1155 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1156 uid_t uid, gid_t gid)
1160 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1162 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1163 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1168 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1169 const char *path, uid_t uid, gid_t gid)
1173 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1175 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1176 path, (long int)uid, (long int)gid);
1181 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1186 result = SMB_VFS_NEXT_CHDIR(handle, path);
1188 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1193 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1198 result = SMB_VFS_NEXT_GETWD(handle, path);
1200 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1205 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1206 const struct smb_filename *smb_fname,
1207 struct smb_file_time *ft)
1211 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1213 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1214 smb_fname_str_do_log(smb_fname));
1219 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1224 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1226 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1227 "%s", fsp_str_do_log(fsp));
1232 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1233 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1237 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1239 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1244 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1245 struct files_struct *fsp,
1250 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode);
1252 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1253 fsp_str_do_log(fsp));
1258 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1263 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1265 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1266 fsp_str_do_log(fsp));
1271 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1272 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1276 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1278 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1283 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1284 const char *oldpath, const char *newpath)
1288 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1290 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1291 "%s|%s", oldpath, newpath);
1296 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1297 const char *path, char *buf, size_t bufsiz)
1301 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1303 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1308 static int smb_full_audit_link(vfs_handle_struct *handle,
1309 const char *oldpath, const char *newpath)
1313 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1315 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1316 "%s|%s", oldpath, newpath);
1321 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1322 const char *pathname, mode_t mode, SMB_DEV_T dev)
1326 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1328 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1333 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1334 const char *path, char *resolved_path)
1338 result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1340 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1345 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1346 struct sys_notify_context *ctx,
1347 struct notify_entry *e,
1348 void (*callback)(struct sys_notify_context *ctx,
1350 struct notify_event *ev),
1351 void *private_data, void *handle_p)
1355 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1357 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1362 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1363 const char *path, unsigned int flags)
1367 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1369 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1374 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1375 const SMB_STRUCT_STAT *sbuf)
1377 struct file_id id_zero;
1378 struct file_id result;
1380 ZERO_STRUCT(id_zero);
1382 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1384 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1385 !file_id_equal(&id_zero, &result),
1386 handle, "%s", file_id_string_tos(&result));
1391 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1392 struct files_struct *fsp,
1394 TALLOC_CTX *mem_ctx,
1395 unsigned int *pnum_streams,
1396 struct stream_struct **pstreams)
1400 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1401 pnum_streams, pstreams);
1403 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1409 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1412 TALLOC_CTX *mem_ctx,
1417 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1420 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1421 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1426 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1431 result = SMB_VFS_NEXT_CONNECTPATH(handle, fname);
1433 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1439 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1440 struct byte_range_lock *br_lck,
1441 struct lock_struct *plock,
1443 struct blocking_lock_record *blr)
1447 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1448 blocking_lock, blr);
1450 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1451 "%s:%llu-%llu. type=%d. blocking=%d", fsp_str_do_log(br_lck->fsp),
1452 plock->start, plock->size, plock->lock_type, blocking_lock );
1457 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1458 struct messaging_context *msg_ctx,
1459 struct byte_range_lock *br_lck,
1460 const struct lock_struct *plock)
1464 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1467 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1468 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1469 plock->size, plock->lock_type);
1474 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1475 struct byte_range_lock *br_lck,
1476 struct lock_struct *plock,
1477 struct blocking_lock_record *blr)
1481 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock, blr);
1483 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1484 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1490 static bool smb_full_audit_strict_lock(struct vfs_handle_struct *handle,
1491 struct files_struct *fsp,
1492 struct lock_struct *plock)
1496 result = SMB_VFS_NEXT_STRICT_LOCK(handle, fsp, plock);
1498 do_log(SMB_VFS_OP_STRICT_LOCK, result, handle,
1499 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1505 static void smb_full_audit_strict_unlock(struct vfs_handle_struct *handle,
1506 struct files_struct *fsp,
1507 struct lock_struct *plock)
1509 SMB_VFS_NEXT_STRICT_UNLOCK(handle, fsp, plock);
1511 do_log(SMB_VFS_OP_STRICT_UNLOCK, true, handle,
1512 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1518 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1519 uint32 security_info,
1524 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1526 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1527 "%s", fsp_str_do_log(fsp));
1532 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1534 uint32 security_info,
1539 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1541 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1547 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1548 uint32 security_info_sent,
1549 const SEC_DESC *psd)
1553 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1555 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s",
1556 fsp_str_do_log(fsp));
1561 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1562 const char *path, mode_t mode)
1566 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1568 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1569 "%s|%o", path, mode);
1574 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1579 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1581 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1582 "%s|%o", fsp_str_do_log(fsp), mode);
1587 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1589 SMB_ACL_T theacl, int entry_id,
1590 SMB_ACL_ENTRY_T *entry_p)
1594 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1597 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1603 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1605 SMB_ACL_ENTRY_T entry_d,
1606 SMB_ACL_TAG_T *tag_type_p)
1610 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1613 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1619 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1621 SMB_ACL_ENTRY_T entry_d,
1622 SMB_ACL_PERMSET_T *permset_p)
1626 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1629 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1635 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1637 SMB_ACL_ENTRY_T entry_d)
1641 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1643 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1649 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1651 SMB_ACL_TYPE_T type)
1655 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1657 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1663 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1668 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1670 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1671 "%s", fsp_str_do_log(fsp));
1676 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1678 SMB_ACL_PERMSET_T permset)
1682 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1684 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1690 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1692 SMB_ACL_PERMSET_T permset,
1693 SMB_ACL_PERM_T perm)
1697 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1699 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1705 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1711 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1713 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1719 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1725 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1727 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1733 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1735 SMB_ACL_ENTRY_T *pentry)
1739 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1741 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1747 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1749 SMB_ACL_ENTRY_T entry,
1750 SMB_ACL_TAG_T tagtype)
1754 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1757 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1763 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1765 SMB_ACL_ENTRY_T entry,
1770 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1772 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1778 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1780 SMB_ACL_ENTRY_T entry,
1781 SMB_ACL_PERMSET_T permset)
1785 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1787 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1793 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1799 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1801 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1807 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1809 const char *name, SMB_ACL_TYPE_T acltype,
1814 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1817 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1823 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1828 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1830 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1831 "%s", fsp_str_do_log(fsp));
1836 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1842 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1844 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1850 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1852 SMB_ACL_PERMSET_T permset,
1853 SMB_ACL_PERM_T perm)
1857 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
1859 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1865 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1871 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
1873 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1879 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1881 SMB_ACL_T posix_acl)
1885 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
1887 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1893 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1895 SMB_ACL_TAG_T tagtype)
1899 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
1902 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1908 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1910 const char *name, void *value, size_t size)
1914 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1916 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1917 "%s|%s", path, name);
1922 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1923 const char *path, const char *name,
1924 void *value, size_t size)
1928 result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
1930 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1931 "%s|%s", path, name);
1936 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1937 struct files_struct *fsp,
1938 const char *name, void *value, size_t size)
1942 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
1944 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1945 "%s|%s", fsp_str_do_log(fsp), name);
1950 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1951 const char *path, char *list, size_t size)
1955 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1957 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1962 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1963 const char *path, char *list, size_t size)
1967 result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
1969 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1974 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1975 struct files_struct *fsp, char *list,
1980 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
1982 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1983 "%s", fsp_str_do_log(fsp));
1988 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1994 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
1996 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1997 "%s|%s", path, name);
2002 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
2008 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
2010 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
2011 "%s|%s", path, name);
2016 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2017 struct files_struct *fsp,
2022 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2024 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2025 "%s|%s", fsp_str_do_log(fsp), name);
2030 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2032 const char *name, const void *value, size_t size,
2037 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2040 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2041 "%s|%s", path, name);
2046 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2048 const char *name, const void *value, size_t size,
2053 result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2056 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2057 "%s|%s", path, name);
2062 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2063 struct files_struct *fsp, const char *name,
2064 const void *value, size_t size, int flags)
2068 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2070 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2071 "%s|%s", fsp_str_do_log(fsp), name);
2076 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2080 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2081 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2082 "%s", fsp_str_do_log(fsp));
2087 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2091 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2092 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2093 "%s", fsp_str_do_log(fsp));
2098 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2102 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2103 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2104 "%s", fsp_str_do_log(fsp));
2109 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2113 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, aiocb);
2114 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2115 "%s", fsp_str_do_log(fsp));
2120 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2124 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2125 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2126 "%s", fsp_str_do_log(fsp));
2131 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2135 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2136 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2137 "%s", fsp_str_do_log(fsp));
2142 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2146 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2147 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2148 "%s", fsp_str_do_log(fsp));
2153 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2154 struct files_struct *fsp)
2158 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2159 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2160 "%s", fsp_str_do_log(fsp));
2165 static struct vfs_fn_pointers vfs_full_audit_fns = {
2167 /* Disk operations */
2169 .connect_fn = smb_full_audit_connect,
2170 .disconnect = smb_full_audit_disconnect,
2171 .disk_free = smb_full_audit_disk_free,
2172 .get_quota = smb_full_audit_get_quota,
2173 .set_quota = smb_full_audit_set_quota,
2174 .get_shadow_copy_data = smb_full_audit_get_shadow_copy_data,
2175 .statvfs = smb_full_audit_statvfs,
2176 .fs_capabilities = smb_full_audit_fs_capabilities,
2177 .opendir = smb_full_audit_opendir,
2178 .readdir = smb_full_audit_readdir,
2179 .seekdir = smb_full_audit_seekdir,
2180 .telldir = smb_full_audit_telldir,
2181 .rewind_dir = smb_full_audit_rewinddir,
2182 .mkdir = smb_full_audit_mkdir,
2183 .rmdir = smb_full_audit_rmdir,
2184 .closedir = smb_full_audit_closedir,
2185 .init_search_op = smb_full_audit_init_search_op,
2186 .open = smb_full_audit_open,
2187 .create_file = smb_full_audit_create_file,
2188 .close_fn = smb_full_audit_close,
2189 .vfs_read = smb_full_audit_read,
2190 .pread = smb_full_audit_pread,
2191 .write = smb_full_audit_write,
2192 .pwrite = smb_full_audit_pwrite,
2193 .lseek = smb_full_audit_lseek,
2194 .sendfile = smb_full_audit_sendfile,
2195 .recvfile = smb_full_audit_recvfile,
2196 .rename = smb_full_audit_rename,
2197 .fsync = smb_full_audit_fsync,
2198 .stat = smb_full_audit_stat,
2199 .fstat = smb_full_audit_fstat,
2200 .lstat = smb_full_audit_lstat,
2201 .get_alloc_size = smb_full_audit_get_alloc_size,
2202 .unlink = smb_full_audit_unlink,
2203 .chmod = smb_full_audit_chmod,
2204 .fchmod = smb_full_audit_fchmod,
2205 .chown = smb_full_audit_chown,
2206 .fchown = smb_full_audit_fchown,
2207 .lchown = smb_full_audit_lchown,
2208 .chdir = smb_full_audit_chdir,
2209 .getwd = smb_full_audit_getwd,
2210 .ntimes = smb_full_audit_ntimes,
2211 .ftruncate = smb_full_audit_ftruncate,
2212 .lock = smb_full_audit_lock,
2213 .kernel_flock = smb_full_audit_kernel_flock,
2214 .linux_setlease = smb_full_audit_linux_setlease,
2215 .getlock = smb_full_audit_getlock,
2216 .symlink = smb_full_audit_symlink,
2217 .vfs_readlink = smb_full_audit_readlink,
2218 .link = smb_full_audit_link,
2219 .mknod = smb_full_audit_mknod,
2220 .realpath = smb_full_audit_realpath,
2221 .notify_watch = smb_full_audit_notify_watch,
2222 .chflags = smb_full_audit_chflags,
2223 .file_id_create = smb_full_audit_file_id_create,
2224 .streaminfo = smb_full_audit_streaminfo,
2225 .get_real_filename = smb_full_audit_get_real_filename,
2226 .connectpath = smb_full_audit_connectpath,
2227 .brl_lock_windows = smb_full_audit_brl_lock_windows,
2228 .brl_unlock_windows = smb_full_audit_brl_unlock_windows,
2229 .brl_cancel_windows = smb_full_audit_brl_cancel_windows,
2230 .strict_lock = smb_full_audit_strict_lock,
2231 .strict_unlock = smb_full_audit_strict_unlock,
2232 .fget_nt_acl = smb_full_audit_fget_nt_acl,
2233 .get_nt_acl = smb_full_audit_get_nt_acl,
2234 .fset_nt_acl = smb_full_audit_fset_nt_acl,
2235 .chmod_acl = smb_full_audit_chmod_acl,
2236 .fchmod_acl = smb_full_audit_fchmod_acl,
2237 .sys_acl_get_entry = smb_full_audit_sys_acl_get_entry,
2238 .sys_acl_get_tag_type = smb_full_audit_sys_acl_get_tag_type,
2239 .sys_acl_get_permset = smb_full_audit_sys_acl_get_permset,
2240 .sys_acl_get_qualifier = smb_full_audit_sys_acl_get_qualifier,
2241 .sys_acl_get_file = smb_full_audit_sys_acl_get_file,
2242 .sys_acl_get_fd = smb_full_audit_sys_acl_get_fd,
2243 .sys_acl_clear_perms = smb_full_audit_sys_acl_clear_perms,
2244 .sys_acl_add_perm = smb_full_audit_sys_acl_add_perm,
2245 .sys_acl_to_text = smb_full_audit_sys_acl_to_text,
2246 .sys_acl_init = smb_full_audit_sys_acl_init,
2247 .sys_acl_create_entry = smb_full_audit_sys_acl_create_entry,
2248 .sys_acl_set_tag_type = smb_full_audit_sys_acl_set_tag_type,
2249 .sys_acl_set_qualifier = smb_full_audit_sys_acl_set_qualifier,
2250 .sys_acl_set_permset = smb_full_audit_sys_acl_set_permset,
2251 .sys_acl_valid = smb_full_audit_sys_acl_valid,
2252 .sys_acl_set_file = smb_full_audit_sys_acl_set_file,
2253 .sys_acl_set_fd = smb_full_audit_sys_acl_set_fd,
2254 .sys_acl_delete_def_file = smb_full_audit_sys_acl_delete_def_file,
2255 .sys_acl_get_perm = smb_full_audit_sys_acl_get_perm,
2256 .sys_acl_free_text = smb_full_audit_sys_acl_free_text,
2257 .sys_acl_free_acl = smb_full_audit_sys_acl_free_acl,
2258 .sys_acl_free_qualifier = smb_full_audit_sys_acl_free_qualifier,
2259 .getxattr = smb_full_audit_getxattr,
2260 .lgetxattr = smb_full_audit_lgetxattr,
2261 .fgetxattr = smb_full_audit_fgetxattr,
2262 .listxattr = smb_full_audit_listxattr,
2263 .llistxattr = smb_full_audit_llistxattr,
2264 .flistxattr = smb_full_audit_flistxattr,
2265 .removexattr = smb_full_audit_removexattr,
2266 .lremovexattr = smb_full_audit_lremovexattr,
2267 .fremovexattr = smb_full_audit_fremovexattr,
2268 .setxattr = smb_full_audit_setxattr,
2269 .lsetxattr = smb_full_audit_lsetxattr,
2270 .fsetxattr = smb_full_audit_fsetxattr,
2271 .aio_read = smb_full_audit_aio_read,
2272 .aio_write = smb_full_audit_aio_write,
2273 .aio_return_fn = smb_full_audit_aio_return,
2274 .aio_cancel = smb_full_audit_aio_cancel,
2275 .aio_error_fn = smb_full_audit_aio_error,
2276 .aio_fsync = smb_full_audit_aio_fsync,
2277 .aio_suspend = smb_full_audit_aio_suspend,
2278 .aio_force = smb_full_audit_aio_force,
2281 NTSTATUS vfs_full_audit_init(void)
2283 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2284 "full_audit", &vfs_full_audit_fns);
2286 if (!NT_STATUS_IS_OK(ret))
2289 vfs_full_audit_debug_level = debug_add_class("full_audit");
2290 if (vfs_full_audit_debug_level == -1) {
2291 vfs_full_audit_debug_level = DBGC_VFS;
2292 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2295 DEBUG(10, ("vfs_full_audit: Debug class number of "
2296 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / sfrench / samba-autobuild / .git / blob