2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 * This module implements parseable logging for all Samba VFS operations.
29 * You use it as follows:
33 * vfs objects = full_audit
34 * full_audit:prefix = %u|%I
35 * full_audit:success = open opendir
36 * full_audit:failure = all
38 * This leads to syslog entries of the form:
39 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
40 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
42 * where "nobody" is the connected username and "192.168.234.1" is the
43 * client's IP address.
47 * prefix: A macro expansion template prepended to the syslog entry.
49 * success: A list of VFS operations for which a successful completion should
50 * be logged. Defaults to no logging at all. The special operation "all" logs
51 * - you guessed it - everything.
53 * failure: A list of VFS operations for which failure to complete should be
54 * logged. Defaults to logging everything.
60 extern struct current_user current_user;
62 static int vfs_full_audit_debug_level = DBGC_VFS;
65 #define DBGC_CLASS vfs_full_audit_debug_level
67 /* Function prototypes */
69 static int smb_full_audit_connect(vfs_handle_struct *handle, connection_struct *conn,
70 const char *svc, const char *user);
71 static void smb_full_audit_disconnect(vfs_handle_struct *handle,
72 connection_struct *conn);
73 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
74 connection_struct *conn, const char *path,
75 BOOL small_query, SMB_BIG_UINT *bsize,
76 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
77 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
78 struct connection_struct *conn,
79 enum SMB_QUOTA_TYPE qtype, unid_t id,
81 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
82 struct connection_struct *conn,
83 enum SMB_QUOTA_TYPE qtype, unid_t id,
85 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
87 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
88 connection_struct *conn, DIR *dirp);
89 static int smb_full_audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
90 const char *path, mode_t mode);
91 static int smb_full_audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
93 static int smb_full_audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
95 static int smb_full_audit_open(vfs_handle_struct *handle, connection_struct *conn,
96 const char *fname, int flags, mode_t mode);
97 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
98 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
99 int fd, void *data, size_t n);
100 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
101 int fd, void *data, size_t n, SMB_OFF_T offset);
102 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
103 int fd, const void *data, size_t n);
104 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
105 int fd, const void *data, size_t n,
107 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
108 int filedes, SMB_OFF_T offset, int whence);
109 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
110 files_struct *fsp, int fromfd,
111 const DATA_BLOB *hdr, SMB_OFF_T offset,
113 static int smb_full_audit_rename(vfs_handle_struct *handle, connection_struct *conn,
114 const char *old, const char *new);
115 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
116 static int smb_full_audit_stat(vfs_handle_struct *handle, connection_struct *conn,
117 const char *fname, SMB_STRUCT_STAT *sbuf);
118 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
119 SMB_STRUCT_STAT *sbuf);
120 static int smb_full_audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
121 const char *path, SMB_STRUCT_STAT *sbuf);
122 static int smb_full_audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
124 static int smb_full_audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
125 const char *path, mode_t mode);
126 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
128 static int smb_full_audit_chown(vfs_handle_struct *handle, connection_struct *conn,
129 const char *path, uid_t uid, gid_t gid);
130 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
131 uid_t uid, gid_t gid);
132 static int smb_full_audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
134 static char *smb_full_audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
136 static int smb_full_audit_utime(vfs_handle_struct *handle, connection_struct *conn,
137 const char *path, struct utimbuf *times);
138 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
139 int fd, SMB_OFF_T len);
140 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
141 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
142 static int smb_full_audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
143 const char *oldpath, const char *newpath);
144 static int smb_full_audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
145 const char *path, char *buf, size_t bufsiz);
146 static int smb_full_audit_link(vfs_handle_struct *handle, connection_struct *conn,
147 const char *oldpath, const char *newpath);
148 static int smb_full_audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
149 const char *pathname, mode_t mode, SMB_DEV_T dev);
150 static char *smb_full_audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
151 const char *path, char *resolved_path);
152 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
153 int fd, uint32 security_info,
155 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
156 const char *name, uint32 security_info,
158 static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
159 int fd, uint32 security_info_sent,
161 static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
162 const char *name, uint32 security_info_sent,
164 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
165 const char *path, mode_t mode);
166 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
167 int fd, mode_t mode);
168 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
169 connection_struct *conn,
170 SMB_ACL_T theacl, int entry_id,
171 SMB_ACL_ENTRY_T *entry_p);
172 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
173 connection_struct *conn,
174 SMB_ACL_ENTRY_T entry_d,
175 SMB_ACL_TAG_T *tag_type_p);
176 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
177 connection_struct *conn,
178 SMB_ACL_ENTRY_T entry_d,
179 SMB_ACL_PERMSET_T *permset_p);
180 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
181 connection_struct *conn,
182 SMB_ACL_ENTRY_T entry_d);
183 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
184 connection_struct *conn,
186 SMB_ACL_TYPE_T type);
187 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
190 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
191 connection_struct *conn,
192 SMB_ACL_PERMSET_T permset);
193 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
194 connection_struct *conn,
195 SMB_ACL_PERMSET_T permset,
196 SMB_ACL_PERM_T perm);
197 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
198 connection_struct *conn, SMB_ACL_T theacl,
200 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
201 connection_struct *conn,
203 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
204 connection_struct *conn, SMB_ACL_T *pacl,
205 SMB_ACL_ENTRY_T *pentry);
206 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
207 connection_struct *conn,
208 SMB_ACL_ENTRY_T entry,
209 SMB_ACL_TAG_T tagtype);
210 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
211 connection_struct *conn,
212 SMB_ACL_ENTRY_T entry,
214 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
215 connection_struct *conn,
216 SMB_ACL_ENTRY_T entry,
217 SMB_ACL_PERMSET_T permset);
218 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
219 connection_struct *conn,
221 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
222 connection_struct *conn,
223 const char *name, SMB_ACL_TYPE_T acltype,
225 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
226 int fd, SMB_ACL_T theacl);
227 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
228 connection_struct *conn,
230 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
231 connection_struct *conn,
232 SMB_ACL_PERMSET_T permset,
233 SMB_ACL_PERM_T perm);
234 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
235 connection_struct *conn,
237 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
238 connection_struct *conn,
239 SMB_ACL_T posix_acl);
240 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
241 connection_struct *conn,
243 SMB_ACL_TAG_T tagtype);
244 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
245 struct connection_struct *conn, const char *path,
246 const char *name, void *value, size_t size);
247 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
248 struct connection_struct *conn,
249 const char *path, const char *name,
250 void *value, size_t size);
251 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
252 struct files_struct *fsp, int fd,
253 const char *name, void *value, size_t size);
254 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
255 struct connection_struct *conn,
256 const char *path, char *list, size_t size);
257 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
258 struct connection_struct *conn,
259 const char *path, char *list, size_t size);
260 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
261 struct files_struct *fsp, int fd, char *list,
263 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
264 struct connection_struct *conn, const char *path,
266 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
267 struct connection_struct *conn, const char *path,
269 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
270 struct files_struct *fsp, int fd,
272 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
273 struct connection_struct *conn, const char *path,
274 const char *name, const void *value, size_t size,
276 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
277 struct connection_struct *conn, const char *path,
278 const char *name, const void *value, size_t size,
280 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
281 struct files_struct *fsp, int fd, const char *name,
282 const void *value, size_t size, int flags);
286 static vfs_op_tuple audit_op_tuples[] = {
288 /* Disk operations */
290 {SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
291 SMB_VFS_LAYER_LOGGER},
292 {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
293 SMB_VFS_LAYER_LOGGER},
294 {SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
295 SMB_VFS_LAYER_LOGGER},
296 {SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
297 SMB_VFS_LAYER_LOGGER},
298 {SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
299 SMB_VFS_LAYER_LOGGER},
301 /* Directory operations */
303 {SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
304 SMB_VFS_LAYER_LOGGER},
305 {SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
306 SMB_VFS_LAYER_LOGGER},
307 {SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
308 SMB_VFS_LAYER_LOGGER},
309 {SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
310 SMB_VFS_LAYER_LOGGER},
311 {SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
312 SMB_VFS_LAYER_LOGGER},
314 /* File operations */
316 {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
317 SMB_VFS_LAYER_LOGGER},
318 {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
319 SMB_VFS_LAYER_LOGGER},
320 {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
321 SMB_VFS_LAYER_LOGGER},
322 {SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
323 SMB_VFS_LAYER_LOGGER},
324 {SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
325 SMB_VFS_LAYER_LOGGER},
326 {SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
327 SMB_VFS_LAYER_LOGGER},
328 {SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
329 SMB_VFS_LAYER_LOGGER},
330 {SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE,
331 SMB_VFS_LAYER_LOGGER},
332 {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME,
333 SMB_VFS_LAYER_LOGGER},
334 {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC,
335 SMB_VFS_LAYER_LOGGER},
336 {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT,
337 SMB_VFS_LAYER_LOGGER},
338 {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT,
339 SMB_VFS_LAYER_LOGGER},
340 {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT,
341 SMB_VFS_LAYER_LOGGER},
342 {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK,
343 SMB_VFS_LAYER_LOGGER},
344 {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD,
345 SMB_VFS_LAYER_LOGGER},
346 {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD,
347 SMB_VFS_LAYER_LOGGER},
348 {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN,
349 SMB_VFS_LAYER_LOGGER},
350 {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN,
351 SMB_VFS_LAYER_LOGGER},
352 {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR,
353 SMB_VFS_LAYER_LOGGER},
354 {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD,
355 SMB_VFS_LAYER_LOGGER},
356 {SMB_VFS_OP(smb_full_audit_utime), SMB_VFS_OP_UTIME,
357 SMB_VFS_LAYER_LOGGER},
358 {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
359 SMB_VFS_LAYER_LOGGER},
360 {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK,
361 SMB_VFS_LAYER_LOGGER},
362 {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK,
363 SMB_VFS_LAYER_LOGGER},
364 {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK,
365 SMB_VFS_LAYER_LOGGER},
366 {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK,
367 SMB_VFS_LAYER_LOGGER},
368 {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD,
369 SMB_VFS_LAYER_LOGGER},
370 {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH,
371 SMB_VFS_LAYER_LOGGER},
373 /* NT ACL operations. */
375 {SMB_VFS_OP(smb_full_audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
376 SMB_VFS_LAYER_LOGGER},
377 {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
378 SMB_VFS_LAYER_LOGGER},
379 {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
380 SMB_VFS_LAYER_LOGGER},
381 {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
382 SMB_VFS_LAYER_LOGGER},
384 /* POSIX ACL operations. */
386 {SMB_VFS_OP(smb_full_audit_chmod_acl), SMB_VFS_OP_CHMOD,
387 SMB_VFS_LAYER_LOGGER},
388 {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD,
389 SMB_VFS_LAYER_LOGGER},
390 {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
391 SMB_VFS_LAYER_LOGGER},
392 {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
393 SMB_VFS_LAYER_LOGGER},
394 {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
395 SMB_VFS_LAYER_LOGGER},
396 {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
397 SMB_VFS_LAYER_LOGGER},
398 {SMB_VFS_OP(smb_full_audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
399 SMB_VFS_LAYER_LOGGER},
400 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
401 SMB_VFS_LAYER_LOGGER},
402 {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
403 SMB_VFS_LAYER_LOGGER},
404 {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
405 SMB_VFS_LAYER_LOGGER},
406 {SMB_VFS_OP(smb_full_audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
407 SMB_VFS_LAYER_LOGGER},
408 {SMB_VFS_OP(smb_full_audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
409 SMB_VFS_LAYER_LOGGER},
410 {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
411 SMB_VFS_LAYER_LOGGER},
412 {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
413 SMB_VFS_LAYER_LOGGER},
414 {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
415 SMB_VFS_LAYER_LOGGER},
416 {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
417 SMB_VFS_LAYER_LOGGER},
418 {SMB_VFS_OP(smb_full_audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
419 SMB_VFS_LAYER_LOGGER},
420 {SMB_VFS_OP(smb_full_audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
421 SMB_VFS_LAYER_LOGGER},
422 {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
423 SMB_VFS_LAYER_LOGGER},
424 {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
425 SMB_VFS_LAYER_LOGGER},
426 {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
427 SMB_VFS_LAYER_LOGGER},
428 {SMB_VFS_OP(smb_full_audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
429 SMB_VFS_LAYER_LOGGER},
430 {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
431 SMB_VFS_LAYER_LOGGER},
432 {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
433 SMB_VFS_LAYER_LOGGER},
437 {SMB_VFS_OP(smb_full_audit_getxattr), SMB_VFS_OP_GETXATTR,
438 SMB_VFS_LAYER_LOGGER},
439 {SMB_VFS_OP(smb_full_audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
440 SMB_VFS_LAYER_LOGGER},
441 {SMB_VFS_OP(smb_full_audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
442 SMB_VFS_LAYER_LOGGER},
443 {SMB_VFS_OP(smb_full_audit_listxattr), SMB_VFS_OP_LISTXATTR,
444 SMB_VFS_LAYER_LOGGER},
445 {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
446 SMB_VFS_LAYER_LOGGER},
447 {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
448 SMB_VFS_LAYER_LOGGER},
449 {SMB_VFS_OP(smb_full_audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
450 SMB_VFS_LAYER_LOGGER},
451 {SMB_VFS_OP(smb_full_audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
452 SMB_VFS_LAYER_LOGGER},
453 {SMB_VFS_OP(smb_full_audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
454 SMB_VFS_LAYER_LOGGER},
455 {SMB_VFS_OP(smb_full_audit_setxattr), SMB_VFS_OP_SETXATTR,
456 SMB_VFS_LAYER_LOGGER},
457 {SMB_VFS_OP(smb_full_audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
458 SMB_VFS_LAYER_LOGGER},
459 {SMB_VFS_OP(smb_full_audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
460 SMB_VFS_LAYER_LOGGER},
462 /* Finish VFS operations definition */
464 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
468 /* The following array *must* be in the same order as defined in vfs.h */
474 { SMB_VFS_OP_CONNECT, "connect" },
475 { SMB_VFS_OP_DISCONNECT, "disconnect" },
476 { SMB_VFS_OP_DISK_FREE, "disk_free" },
477 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
478 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
479 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
480 { SMB_VFS_OP_OPENDIR, "opendir" },
481 { SMB_VFS_OP_READDIR, "readdir" },
482 { SMB_VFS_OP_MKDIR, "mkdir" },
483 { SMB_VFS_OP_RMDIR, "rmdir" },
484 { SMB_VFS_OP_CLOSEDIR, "closedir" },
485 { SMB_VFS_OP_OPEN, "open" },
486 { SMB_VFS_OP_CLOSE, "close" },
487 { SMB_VFS_OP_READ, "read" },
488 { SMB_VFS_OP_PREAD, "pread" },
489 { SMB_VFS_OP_WRITE, "write" },
490 { SMB_VFS_OP_PWRITE, "pwrite" },
491 { SMB_VFS_OP_LSEEK, "lseek" },
492 { SMB_VFS_OP_SENDFILE, "sendfile" },
493 { SMB_VFS_OP_RENAME, "rename" },
494 { SMB_VFS_OP_FSYNC, "fsync" },
495 { SMB_VFS_OP_STAT, "stat" },
496 { SMB_VFS_OP_FSTAT, "fstat" },
497 { SMB_VFS_OP_LSTAT, "lstat" },
498 { SMB_VFS_OP_UNLINK, "unlink" },
499 { SMB_VFS_OP_CHMOD, "chmod" },
500 { SMB_VFS_OP_FCHMOD, "fchmod" },
501 { SMB_VFS_OP_CHOWN, "chown" },
502 { SMB_VFS_OP_FCHOWN, "fchown" },
503 { SMB_VFS_OP_CHDIR, "chdir" },
504 { SMB_VFS_OP_GETWD, "getwd" },
505 { SMB_VFS_OP_UTIME, "utime" },
506 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
507 { SMB_VFS_OP_LOCK, "lock" },
508 { SMB_VFS_OP_SYMLINK, "symlink" },
509 { SMB_VFS_OP_READLINK, "readlink" },
510 { SMB_VFS_OP_LINK, "link" },
511 { SMB_VFS_OP_MKNOD, "mknod" },
512 { SMB_VFS_OP_REALPATH, "realpath" },
513 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
514 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
515 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
516 { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" },
517 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
518 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
519 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
520 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
521 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
522 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
523 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
524 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
525 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
526 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
527 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
528 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
529 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
530 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
531 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
532 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
533 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
534 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
535 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
536 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
537 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
538 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
539 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
540 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
541 { SMB_VFS_OP_GETXATTR, "getxattr" },
542 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
543 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
544 { SMB_VFS_OP_LISTXATTR, "listxattr" },
545 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
546 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
547 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
548 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
549 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
550 { SMB_VFS_OP_SETXATTR, "setxattr" },
551 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
552 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
553 { SMB_VFS_OP_LAST, NULL }
556 static int audit_syslog_facility(vfs_handle_struct *handle)
558 /* fix me: let this be configurable by:
559 * lp_param_enum(SNUM(handle->conn),
560 * (handle->param?handle->param:"full_audit"),
562 * audit_enum_facility,LOG_USER);
567 static int audit_syslog_priority(vfs_handle_struct *handle)
569 /* fix me: let this be configurable by:
570 * lp_param_enum(SNUM(handle->conn),
571 * (handle->param?handle->param:"full_audit"),
573 * audit_enum_priority,LOG_NOTICE);
578 static char *audit_prefix(connection_struct *conn)
580 static pstring prefix;
582 pstrcpy(prefix, lp_parm_const_string(SNUM(conn), "full_audit",
584 standard_sub_snum(SNUM(conn), prefix, sizeof(prefix)-1);
588 static struct bitmap *success_ops = NULL;
590 static BOOL log_success(vfs_op_type op)
592 if (success_ops == NULL)
595 return bitmap_query(success_ops, op);
598 static struct bitmap *failure_ops = NULL;
600 static BOOL log_failure(vfs_op_type op)
602 if (failure_ops == NULL)
605 return bitmap_query(failure_ops, op);
608 static void init_bitmap(struct bitmap **bm, const char **ops)
610 BOOL log_all = False;
615 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
618 DEBUG(0, ("Could not alloc bitmap -- "
619 "defaulting to logging everything\n"));
623 while (*ops != NULL) {
627 if (strequal(*ops, "all")) {
632 for (i=0; i<SMB_VFS_OP_LAST; i++) {
633 if (strequal(*ops, vfs_op_names[i].name)) {
639 DEBUG(0, ("Could not find opname %s, logging all\n",
648 /* The query functions default to True */
654 static const char *audit_opname(vfs_op_type op)
656 if (op >= SMB_VFS_OP_LAST)
657 return "INVALID VFS OP";
658 return vfs_op_names[op].name;
661 static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
662 const char *format, ...)
668 if (success && (!log_success(op)))
671 if (!success && (!log_failure(op)))
675 fstrcpy(err_msg, "ok");
677 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
679 va_start(ap, format);
680 vsnprintf(op_msg, sizeof(op_msg), format, ap);
683 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
684 audit_prefix(handle->conn), audit_opname(op), err_msg, op_msg);
689 /* Implementation of vfs_ops. Pass everything on to the default
690 operation but log event first. */
692 static int smb_full_audit_connect(vfs_handle_struct *handle, connection_struct *conn,
693 const char *svc, const char *user)
696 const char *none[] = { NULL };
697 const char *all [] = { "all" };
699 openlog("smbd_audit", 0, audit_syslog_facility(handle));
701 init_bitmap(&success_ops,
702 lp_parm_string_list(SNUM(conn), "full_audit", "success",
704 init_bitmap(&failure_ops,
705 lp_parm_string_list(SNUM(conn), "full_audit", "failure",
708 result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
710 do_log(SMB_VFS_OP_CONNECT, True, handle,
716 static void smb_full_audit_disconnect(vfs_handle_struct *handle,
717 connection_struct *conn)
719 SMB_VFS_NEXT_DISCONNECT(handle, conn);
721 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
722 "%s", lp_servicename(SNUM(conn)));
724 bitmap_free(success_ops);
727 bitmap_free(failure_ops);
733 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
734 connection_struct *conn, const char *path,
735 BOOL small_query, SMB_BIG_UINT *bsize,
736 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
740 result = SMB_VFS_NEXT_DISK_FREE(handle, conn, path, small_query, bsize,
743 /* Don't have a reasonable notion of failure here */
745 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
750 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
751 struct connection_struct *conn,
752 enum SMB_QUOTA_TYPE qtype, unid_t id,
757 result = SMB_VFS_NEXT_GET_QUOTA(handle, conn, qtype, id, qt);
759 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
765 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
766 struct connection_struct *conn,
767 enum SMB_QUOTA_TYPE qtype, unid_t id,
772 result = SMB_VFS_NEXT_SET_QUOTA(handle, conn, qtype, id, qt);
774 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
779 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
784 result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname);
786 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
791 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
792 connection_struct *conn, DIR *dirp)
794 struct dirent *result;
796 result = SMB_VFS_NEXT_READDIR(handle, conn, dirp);
798 /* This operation has no reasonable error condition
799 * (End of dir is also failure), so always succeed.
801 do_log(SMB_VFS_OP_READDIR, True, handle, "");
806 static int smb_full_audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
807 const char *path, mode_t mode)
811 result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);
813 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
818 static int smb_full_audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
823 result = SMB_VFS_NEXT_RMDIR(handle, conn, path);
825 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
830 static int smb_full_audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
835 result = SMB_VFS_NEXT_CLOSEDIR(handle, conn, dirp);
837 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
842 static int smb_full_audit_open(vfs_handle_struct *handle, connection_struct *conn,
843 const char *fname, int flags, mode_t mode)
847 result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);
849 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
850 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
856 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
860 result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
862 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
867 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
868 int fd, void *data, size_t n)
872 result = SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
874 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
879 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
880 int fd, void *data, size_t n, SMB_OFF_T offset)
884 result = SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, offset);
886 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
891 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
892 int fd, const void *data, size_t n)
896 result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
898 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
903 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
904 int fd, const void *data, size_t n,
909 result = SMB_VFS_NEXT_PWRITE(handle, fsp, fd, data, n, offset);
911 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
916 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
917 int filedes, SMB_OFF_T offset, int whence)
921 result = SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
923 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
924 "%s", fsp->fsp_name);
929 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
930 files_struct *fsp, int fromfd,
931 const DATA_BLOB *hdr, SMB_OFF_T offset,
936 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
939 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
940 "%s", fsp->fsp_name);
945 static int smb_full_audit_rename(vfs_handle_struct *handle, connection_struct *conn,
946 const char *old, const char *new)
950 result = SMB_VFS_NEXT_RENAME(handle, conn, old, new);
952 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", old, new);
957 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
961 result = SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
963 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
968 static int smb_full_audit_stat(vfs_handle_struct *handle, connection_struct *conn,
969 const char *fname, SMB_STRUCT_STAT *sbuf)
973 result = SMB_VFS_NEXT_STAT(handle, conn, fname, sbuf);
975 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
980 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
981 SMB_STRUCT_STAT *sbuf)
985 result = SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
987 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
992 static int smb_full_audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
993 const char *path, SMB_STRUCT_STAT *sbuf)
997 result = SMB_VFS_NEXT_LSTAT(handle, conn, path, sbuf);
999 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1004 static int smb_full_audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
1009 result = SMB_VFS_NEXT_UNLINK(handle, conn, path);
1011 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1016 static int smb_full_audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
1017 const char *path, mode_t mode)
1021 result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);
1023 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1028 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
1033 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
1035 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1036 "%s|%o", fsp->fsp_name, mode);
1041 static int smb_full_audit_chown(vfs_handle_struct *handle, connection_struct *conn,
1042 const char *path, uid_t uid, gid_t gid)
1046 result = SMB_VFS_NEXT_CHOWN(handle, conn, path, uid, gid);
1048 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1049 path, (long int)uid, (long int)gid);
1054 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
1055 uid_t uid, gid_t gid)
1059 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
1061 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1062 fsp->fsp_name, (long int)uid, (long int)gid);
1067 static int smb_full_audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
1072 result = SMB_VFS_NEXT_CHDIR(handle, conn, path);
1074 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1079 static char *smb_full_audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
1084 result = SMB_VFS_NEXT_GETWD(handle, conn, path);
1086 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1091 static int smb_full_audit_utime(vfs_handle_struct *handle, connection_struct *conn,
1092 const char *path, struct utimbuf *times)
1096 result = SMB_VFS_NEXT_UTIME(handle, conn, path, times);
1098 do_log(SMB_VFS_OP_UTIME, (result >= 0), handle, "%s", path);
1103 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1104 int fd, SMB_OFF_T len)
1108 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, len);
1110 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1111 "%s", fsp->fsp_name);
1116 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1117 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1121 result = SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
1123 do_log(SMB_VFS_OP_LOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1128 static int smb_full_audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
1129 const char *oldpath, const char *newpath)
1133 result = SMB_VFS_NEXT_SYMLINK(handle, conn, oldpath, newpath);
1135 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1136 "%s|%s", oldpath, newpath);
1141 static int smb_full_audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
1142 const char *path, char *buf, size_t bufsiz)
1146 result = SMB_VFS_NEXT_READLINK(handle, conn, path, buf, bufsiz);
1148 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1153 static int smb_full_audit_link(vfs_handle_struct *handle, connection_struct *conn,
1154 const char *oldpath, const char *newpath)
1158 result = SMB_VFS_NEXT_LINK(handle, conn, oldpath, newpath);
1160 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1161 "%s|%s", oldpath, newpath);
1166 static int smb_full_audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
1167 const char *pathname, mode_t mode, SMB_DEV_T dev)
1171 result = SMB_VFS_NEXT_MKNOD(handle, conn, pathname, mode, dev);
1173 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1178 static char *smb_full_audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
1179 const char *path, char *resolved_path)
1183 result = SMB_VFS_NEXT_REALPATH(handle, conn, path, resolved_path);
1185 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1190 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1191 int fd, uint32 security_info,
1196 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
1199 do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
1200 "%s", fsp->fsp_name);
1205 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1206 const char *name, uint32 security_info,
1211 result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
1214 do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
1215 "%s", fsp->fsp_name);
1220 static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1221 int fd, uint32 security_info_sent,
1226 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
1229 do_log(SMB_VFS_OP_FSET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1234 static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1235 const char *name, uint32 security_info_sent,
1240 result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1243 do_log(SMB_VFS_OP_SET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1248 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
1249 const char *path, mode_t mode)
1253 result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode);
1255 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1256 "%s|%o", path, mode);
1261 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1262 int fd, mode_t mode)
1266 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
1268 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1269 "%s|%o", fsp->fsp_name, mode);
1274 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1275 connection_struct *conn,
1276 SMB_ACL_T theacl, int entry_id,
1277 SMB_ACL_ENTRY_T *entry_p)
1281 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, conn, theacl, entry_id,
1284 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1290 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1291 connection_struct *conn,
1292 SMB_ACL_ENTRY_T entry_d,
1293 SMB_ACL_TAG_T *tag_type_p)
1297 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, conn, entry_d,
1300 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1306 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1307 connection_struct *conn,
1308 SMB_ACL_ENTRY_T entry_d,
1309 SMB_ACL_PERMSET_T *permset_p)
1313 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, conn, entry_d,
1316 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1322 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1323 connection_struct *conn,
1324 SMB_ACL_ENTRY_T entry_d)
1328 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, conn, entry_d);
1330 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1336 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1337 connection_struct *conn,
1339 SMB_ACL_TYPE_T type)
1343 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, conn, path_p, type);
1345 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1351 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1352 files_struct *fsp, int fd)
1356 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
1358 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1359 "%s", fsp->fsp_name);
1364 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1365 connection_struct *conn,
1366 SMB_ACL_PERMSET_T permset)
1370 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, conn, permset);
1372 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1378 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1379 connection_struct *conn,
1380 SMB_ACL_PERMSET_T permset,
1381 SMB_ACL_PERM_T perm)
1385 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, conn, permset, perm);
1387 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1393 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1394 connection_struct *conn, SMB_ACL_T theacl,
1399 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, conn, theacl, plen);
1401 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1407 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1408 connection_struct *conn,
1413 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, conn, count);
1415 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1421 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1422 connection_struct *conn, SMB_ACL_T *pacl,
1423 SMB_ACL_ENTRY_T *pentry)
1427 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, conn, pacl, pentry);
1429 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1435 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1436 connection_struct *conn,
1437 SMB_ACL_ENTRY_T entry,
1438 SMB_ACL_TAG_T tagtype)
1442 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, conn, entry,
1445 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1451 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1452 connection_struct *conn,
1453 SMB_ACL_ENTRY_T entry,
1458 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, conn, entry, qual);
1460 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1466 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1467 connection_struct *conn,
1468 SMB_ACL_ENTRY_T entry,
1469 SMB_ACL_PERMSET_T permset)
1473 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, conn, entry, permset);
1475 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1481 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1482 connection_struct *conn,
1487 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, conn, theacl);
1489 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1495 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1496 connection_struct *conn,
1497 const char *name, SMB_ACL_TYPE_T acltype,
1502 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, conn, name, acltype,
1505 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1511 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1512 int fd, SMB_ACL_T theacl)
1516 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
1518 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1519 "%s", fsp->fsp_name);
1524 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1525 connection_struct *conn,
1530 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, conn, path);
1532 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1538 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1539 connection_struct *conn,
1540 SMB_ACL_PERMSET_T permset,
1541 SMB_ACL_PERM_T perm)
1545 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, conn, permset, perm);
1547 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1553 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1554 connection_struct *conn,
1559 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, conn, text);
1561 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1567 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1568 connection_struct *conn,
1569 SMB_ACL_T posix_acl)
1573 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, conn, posix_acl);
1575 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1581 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1582 connection_struct *conn,
1584 SMB_ACL_TAG_T tagtype)
1588 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, conn, qualifier,
1591 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1597 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1598 struct connection_struct *conn, const char *path,
1599 const char *name, void *value, size_t size)
1603 result = SMB_VFS_NEXT_GETXATTR(handle, conn, path, name, value, size);
1605 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1606 "%s|%s", path, name);
1611 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1612 struct connection_struct *conn,
1613 const char *path, const char *name,
1614 void *value, size_t size)
1618 result = SMB_VFS_NEXT_LGETXATTR(handle, conn, path, name, value, size);
1620 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1621 "%s|%s", path, name);
1626 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1627 struct files_struct *fsp, int fd,
1628 const char *name, void *value, size_t size)
1632 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
1634 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1635 "%s|%s", fsp->fsp_name, name);
1640 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1641 struct connection_struct *conn,
1642 const char *path, char *list, size_t size)
1646 result = SMB_VFS_NEXT_LISTXATTR(handle, conn, path, list, size);
1648 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1653 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1654 struct connection_struct *conn,
1655 const char *path, char *list, size_t size)
1659 result = SMB_VFS_NEXT_LLISTXATTR(handle, conn, path, list, size);
1661 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1666 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1667 struct files_struct *fsp, int fd, char *list,
1672 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
1674 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1675 "%s", fsp->fsp_name);
1680 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1681 struct connection_struct *conn, const char *path,
1686 result = SMB_VFS_NEXT_REMOVEXATTR(handle, conn, path, name);
1688 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1689 "%s|%s", path, name);
1694 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
1695 struct connection_struct *conn, const char *path,
1700 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, conn, path, name);
1702 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
1703 "%s|%s", path, name);
1708 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
1709 struct files_struct *fsp, int fd,
1714 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
1716 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1717 "%s|%s", fsp->fsp_name, name);
1722 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
1723 struct connection_struct *conn, const char *path,
1724 const char *name, const void *value, size_t size,
1729 result = SMB_VFS_NEXT_SETXATTR(handle, conn, path, name, value, size,
1732 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
1733 "%s|%s", path, name);
1738 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
1739 struct connection_struct *conn, const char *path,
1740 const char *name, const void *value, size_t size,
1745 result = SMB_VFS_NEXT_LSETXATTR(handle, conn, path, name, value, size,
1748 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
1749 "%s|%s", path, name);
1754 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
1755 struct files_struct *fsp, int fd, const char *name,
1756 const void *value, size_t size, int flags)
1760 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size,
1763 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
1764 "%s|%s", fsp->fsp_name, name);
1769 NTSTATUS vfs_full_audit_init(void)
1771 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
1772 "full_audit", audit_op_tuples);
1774 if (!NT_STATUS_IS_OK(ret))
1777 vfs_full_audit_debug_level = debug_add_class("full_audit");
1778 if (vfs_full_audit_debug_level == -1) {
1779 vfs_full_audit_debug_level = DBGC_VFS;
1780 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
1783 DEBUG(10, ("vfs_full_audit: Debug class number of "
1784 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / tprouty / samba.git / blob