2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
62 extern userdom_struct current_user_info;
64 static int vfs_full_audit_debug_level = DBGC_VFS;
66 struct vfs_full_audit_private_data {
67 struct bitmap *success_ops;
68 struct bitmap *failure_ops;
72 #define DBGC_CLASS vfs_full_audit_debug_level
74 /* Function prototypes */
76 static int smb_full_audit_connect(vfs_handle_struct *handle,
77 const char *svc, const char *user);
78 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
79 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
81 bool small_query, SMB_BIG_UINT *bsize,
82 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
83 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
84 enum SMB_QUOTA_TYPE qtype, unid_t id,
86 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
87 enum SMB_QUOTA_TYPE qtype, unid_t id,
89 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
90 struct files_struct *fsp,
91 SHADOW_COPY_DATA *shadow_copy_data, bool labels);
92 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
94 struct vfs_statvfs_struct *statbuf);
96 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
97 const char *fname, const char *mask, uint32 attr);
98 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
99 SMB_STRUCT_DIR *dirp);
100 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
101 SMB_STRUCT_DIR *dirp, long offset);
102 static long smb_full_audit_telldir(vfs_handle_struct *handle,
103 SMB_STRUCT_DIR *dirp);
104 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
105 SMB_STRUCT_DIR *dirp);
106 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
107 const char *path, mode_t mode);
108 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
110 static int smb_full_audit_closedir(vfs_handle_struct *handle,
111 SMB_STRUCT_DIR *dirp);
112 static int smb_full_audit_open(vfs_handle_struct *handle,
113 const char *fname, files_struct *fsp, int flags, mode_t mode);
114 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
115 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
116 void *data, size_t n);
117 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
118 void *data, size_t n, SMB_OFF_T offset);
119 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
120 const void *data, size_t n);
121 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
122 const void *data, size_t n,
124 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
125 SMB_OFF_T offset, int whence);
126 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
127 files_struct *fromfsp,
128 const DATA_BLOB *hdr, SMB_OFF_T offset,
130 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
131 files_struct *fsp, int tofd,
134 static int smb_full_audit_rename(vfs_handle_struct *handle,
135 const char *oldname, const char *newname);
136 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp);
137 static int smb_full_audit_stat(vfs_handle_struct *handle,
138 const char *fname, SMB_STRUCT_STAT *sbuf);
139 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
140 SMB_STRUCT_STAT *sbuf);
141 static int smb_full_audit_lstat(vfs_handle_struct *handle,
142 const char *path, SMB_STRUCT_STAT *sbuf);
143 static int smb_full_audit_unlink(vfs_handle_struct *handle,
145 static int smb_full_audit_chmod(vfs_handle_struct *handle,
146 const char *path, mode_t mode);
147 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
149 static int smb_full_audit_chown(vfs_handle_struct *handle,
150 const char *path, uid_t uid, gid_t gid);
151 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
152 uid_t uid, gid_t gid);
153 static int smb_full_audit_lchown(vfs_handle_struct *handle,
154 const char *path, uid_t uid, gid_t gid);
155 static int smb_full_audit_chdir(vfs_handle_struct *handle,
157 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
159 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
160 const char *path, const struct timespec ts[2]);
161 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
163 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
164 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
165 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
166 struct files_struct *fsp,
168 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
170 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
171 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
172 static int smb_full_audit_symlink(vfs_handle_struct *handle,
173 const char *oldpath, const char *newpath);
174 static int smb_full_audit_readlink(vfs_handle_struct *handle,
175 const char *path, char *buf, size_t bufsiz);
176 static int smb_full_audit_link(vfs_handle_struct *handle,
177 const char *oldpath, const char *newpath);
178 static int smb_full_audit_mknod(vfs_handle_struct *handle,
179 const char *pathname, mode_t mode, SMB_DEV_T dev);
180 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
181 const char *path, char *resolved_path);
182 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
183 struct sys_notify_context *ctx,
184 struct notify_entry *e,
185 void (*callback)(struct sys_notify_context *ctx,
187 struct notify_event *ev),
188 void *private_data, void *handle_p);
189 static int smb_full_audit_chflags(vfs_handle_struct *handle,
190 const char *path, unsigned int flags);
191 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
192 SMB_DEV_T dev, SMB_INO_T inode);
193 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
194 uint32 security_info,
196 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
197 const char *name, uint32 security_info,
199 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
200 uint32 security_info_sent,
202 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
203 const char *name, uint32 security_info_sent,
205 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
206 const char *path, mode_t mode);
207 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
209 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
210 SMB_ACL_T theacl, int entry_id,
211 SMB_ACL_ENTRY_T *entry_p);
212 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
213 SMB_ACL_ENTRY_T entry_d,
214 SMB_ACL_TAG_T *tag_type_p);
215 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
216 SMB_ACL_ENTRY_T entry_d,
217 SMB_ACL_PERMSET_T *permset_p);
218 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
219 SMB_ACL_ENTRY_T entry_d);
220 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
222 SMB_ACL_TYPE_T type);
223 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
225 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
226 SMB_ACL_PERMSET_T permset);
227 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
228 SMB_ACL_PERMSET_T permset,
229 SMB_ACL_PERM_T perm);
230 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
233 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
235 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
237 SMB_ACL_ENTRY_T *pentry);
238 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
239 SMB_ACL_ENTRY_T entry,
240 SMB_ACL_TAG_T tagtype);
241 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
242 SMB_ACL_ENTRY_T entry,
244 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
245 SMB_ACL_ENTRY_T entry,
246 SMB_ACL_PERMSET_T permset);
247 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
249 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
250 const char *name, SMB_ACL_TYPE_T acltype,
252 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
254 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
256 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
257 SMB_ACL_PERMSET_T permset,
258 SMB_ACL_PERM_T perm);
259 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
261 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
262 SMB_ACL_T posix_acl);
263 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
265 SMB_ACL_TAG_T tagtype);
266 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
268 const char *name, void *value, size_t size);
269 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
270 const char *path, const char *name,
271 void *value, size_t size);
272 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
273 struct files_struct *fsp,
274 const char *name, void *value, size_t size);
275 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
276 const char *path, char *list, size_t size);
277 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
278 const char *path, char *list, size_t size);
279 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
280 struct files_struct *fsp, char *list,
282 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
285 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
288 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
289 struct files_struct *fsp,
291 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
293 const char *name, const void *value, size_t size,
295 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
297 const char *name, const void *value, size_t size,
299 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
300 struct files_struct *fsp, const char *name,
301 const void *value, size_t size, int flags);
303 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
304 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
305 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
306 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
307 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
308 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
309 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
313 static vfs_op_tuple audit_op_tuples[] = {
315 /* Disk operations */
317 {SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
318 SMB_VFS_LAYER_LOGGER},
319 {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
320 SMB_VFS_LAYER_LOGGER},
321 {SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
322 SMB_VFS_LAYER_LOGGER},
323 {SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
324 SMB_VFS_LAYER_LOGGER},
325 {SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
326 SMB_VFS_LAYER_LOGGER},
327 {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
328 SMB_VFS_LAYER_LOGGER},
329 {SMB_VFS_OP(smb_full_audit_statvfs), SMB_VFS_OP_STATVFS,
330 SMB_VFS_LAYER_LOGGER},
332 /* Directory operations */
334 {SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
335 SMB_VFS_LAYER_LOGGER},
336 {SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
337 SMB_VFS_LAYER_LOGGER},
338 {SMB_VFS_OP(smb_full_audit_seekdir), SMB_VFS_OP_SEEKDIR,
339 SMB_VFS_LAYER_LOGGER},
340 {SMB_VFS_OP(smb_full_audit_telldir), SMB_VFS_OP_TELLDIR,
341 SMB_VFS_LAYER_LOGGER},
342 {SMB_VFS_OP(smb_full_audit_rewinddir), SMB_VFS_OP_REWINDDIR,
343 SMB_VFS_LAYER_LOGGER},
344 {SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
345 SMB_VFS_LAYER_LOGGER},
346 {SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
347 SMB_VFS_LAYER_LOGGER},
348 {SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
349 SMB_VFS_LAYER_LOGGER},
351 /* File operations */
353 {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
354 SMB_VFS_LAYER_LOGGER},
355 {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
356 SMB_VFS_LAYER_LOGGER},
357 {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
358 SMB_VFS_LAYER_LOGGER},
359 {SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
360 SMB_VFS_LAYER_LOGGER},
361 {SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
362 SMB_VFS_LAYER_LOGGER},
363 {SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
364 SMB_VFS_LAYER_LOGGER},
365 {SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
366 SMB_VFS_LAYER_LOGGER},
367 {SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE,
368 SMB_VFS_LAYER_LOGGER},
369 {SMB_VFS_OP(smb_full_audit_recvfile), SMB_VFS_OP_RECVFILE,
370 SMB_VFS_LAYER_LOGGER},
371 {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME,
372 SMB_VFS_LAYER_LOGGER},
373 {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC,
374 SMB_VFS_LAYER_LOGGER},
375 {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT,
376 SMB_VFS_LAYER_LOGGER},
377 {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT,
378 SMB_VFS_LAYER_LOGGER},
379 {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT,
380 SMB_VFS_LAYER_LOGGER},
381 {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK,
382 SMB_VFS_LAYER_LOGGER},
383 {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD,
384 SMB_VFS_LAYER_LOGGER},
385 {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD,
386 SMB_VFS_LAYER_LOGGER},
387 {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN,
388 SMB_VFS_LAYER_LOGGER},
389 {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN,
390 SMB_VFS_LAYER_LOGGER},
391 {SMB_VFS_OP(smb_full_audit_lchown), SMB_VFS_OP_LCHOWN,
392 SMB_VFS_LAYER_LOGGER},
393 {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR,
394 SMB_VFS_LAYER_LOGGER},
395 {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD,
396 SMB_VFS_LAYER_LOGGER},
397 {SMB_VFS_OP(smb_full_audit_ntimes), SMB_VFS_OP_NTIMES,
398 SMB_VFS_LAYER_LOGGER},
399 {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
400 SMB_VFS_LAYER_LOGGER},
401 {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK,
402 SMB_VFS_LAYER_LOGGER},
403 {SMB_VFS_OP(smb_full_audit_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK,
404 SMB_VFS_LAYER_LOGGER},
405 {SMB_VFS_OP(smb_full_audit_linux_setlease), SMB_VFS_OP_LINUX_SETLEASE,
406 SMB_VFS_LAYER_LOGGER},
407 {SMB_VFS_OP(smb_full_audit_getlock), SMB_VFS_OP_GETLOCK,
408 SMB_VFS_LAYER_LOGGER},
409 {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK,
410 SMB_VFS_LAYER_LOGGER},
411 {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK,
412 SMB_VFS_LAYER_LOGGER},
413 {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK,
414 SMB_VFS_LAYER_LOGGER},
415 {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD,
416 SMB_VFS_LAYER_LOGGER},
417 {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH,
418 SMB_VFS_LAYER_LOGGER},
419 {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
420 SMB_VFS_LAYER_LOGGER},
421 {SMB_VFS_OP(smb_full_audit_chflags), SMB_VFS_OP_CHFLAGS,
422 SMB_VFS_LAYER_LOGGER},
423 {SMB_VFS_OP(smb_full_audit_file_id_create), SMB_VFS_OP_FILE_ID_CREATE,
424 SMB_VFS_LAYER_LOGGER},
426 /* NT ACL operations. */
428 {SMB_VFS_OP(smb_full_audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
429 SMB_VFS_LAYER_LOGGER},
430 {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
431 SMB_VFS_LAYER_LOGGER},
432 {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
433 SMB_VFS_LAYER_LOGGER},
434 {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
435 SMB_VFS_LAYER_LOGGER},
437 /* POSIX ACL operations. */
439 {SMB_VFS_OP(smb_full_audit_chmod_acl), SMB_VFS_OP_CHMOD_ACL,
440 SMB_VFS_LAYER_LOGGER},
441 {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
442 SMB_VFS_LAYER_LOGGER},
443 {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
444 SMB_VFS_LAYER_LOGGER},
445 {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
446 SMB_VFS_LAYER_LOGGER},
447 {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
448 SMB_VFS_LAYER_LOGGER},
449 {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
450 SMB_VFS_LAYER_LOGGER},
451 {SMB_VFS_OP(smb_full_audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
452 SMB_VFS_LAYER_LOGGER},
453 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
454 SMB_VFS_LAYER_LOGGER},
455 {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
456 SMB_VFS_LAYER_LOGGER},
457 {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
458 SMB_VFS_LAYER_LOGGER},
459 {SMB_VFS_OP(smb_full_audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
460 SMB_VFS_LAYER_LOGGER},
461 {SMB_VFS_OP(smb_full_audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
462 SMB_VFS_LAYER_LOGGER},
463 {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
464 SMB_VFS_LAYER_LOGGER},
465 {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
466 SMB_VFS_LAYER_LOGGER},
467 {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
468 SMB_VFS_LAYER_LOGGER},
469 {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
470 SMB_VFS_LAYER_LOGGER},
471 {SMB_VFS_OP(smb_full_audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
472 SMB_VFS_LAYER_LOGGER},
473 {SMB_VFS_OP(smb_full_audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
474 SMB_VFS_LAYER_LOGGER},
475 {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
476 SMB_VFS_LAYER_LOGGER},
477 {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
478 SMB_VFS_LAYER_LOGGER},
479 {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
480 SMB_VFS_LAYER_LOGGER},
481 {SMB_VFS_OP(smb_full_audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
482 SMB_VFS_LAYER_LOGGER},
483 {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
484 SMB_VFS_LAYER_LOGGER},
485 {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
486 SMB_VFS_LAYER_LOGGER},
490 {SMB_VFS_OP(smb_full_audit_getxattr), SMB_VFS_OP_GETXATTR,
491 SMB_VFS_LAYER_LOGGER},
492 {SMB_VFS_OP(smb_full_audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
493 SMB_VFS_LAYER_LOGGER},
494 {SMB_VFS_OP(smb_full_audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
495 SMB_VFS_LAYER_LOGGER},
496 {SMB_VFS_OP(smb_full_audit_listxattr), SMB_VFS_OP_LISTXATTR,
497 SMB_VFS_LAYER_LOGGER},
498 {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
499 SMB_VFS_LAYER_LOGGER},
500 {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
501 SMB_VFS_LAYER_LOGGER},
502 {SMB_VFS_OP(smb_full_audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
503 SMB_VFS_LAYER_LOGGER},
504 {SMB_VFS_OP(smb_full_audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
505 SMB_VFS_LAYER_LOGGER},
506 {SMB_VFS_OP(smb_full_audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
507 SMB_VFS_LAYER_LOGGER},
508 {SMB_VFS_OP(smb_full_audit_setxattr), SMB_VFS_OP_SETXATTR,
509 SMB_VFS_LAYER_LOGGER},
510 {SMB_VFS_OP(smb_full_audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
511 SMB_VFS_LAYER_LOGGER},
512 {SMB_VFS_OP(smb_full_audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
513 SMB_VFS_LAYER_LOGGER},
515 {SMB_VFS_OP(smb_full_audit_aio_read), SMB_VFS_OP_AIO_READ,
516 SMB_VFS_LAYER_LOGGER},
517 {SMB_VFS_OP(smb_full_audit_aio_write), SMB_VFS_OP_AIO_WRITE,
518 SMB_VFS_LAYER_LOGGER},
519 {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
520 SMB_VFS_LAYER_LOGGER},
521 {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
522 SMB_VFS_LAYER_LOGGER},
523 {SMB_VFS_OP(smb_full_audit_aio_error), SMB_VFS_OP_AIO_ERROR,
524 SMB_VFS_LAYER_LOGGER},
525 {SMB_VFS_OP(smb_full_audit_aio_fsync), SMB_VFS_OP_AIO_FSYNC,
526 SMB_VFS_LAYER_LOGGER},
527 {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
528 SMB_VFS_LAYER_LOGGER},
530 /* Finish VFS operations definition */
532 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
536 /* The following array *must* be in the same order as defined in vfs.h */
542 { SMB_VFS_OP_CONNECT, "connect" },
543 { SMB_VFS_OP_DISCONNECT, "disconnect" },
544 { SMB_VFS_OP_DISK_FREE, "disk_free" },
545 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
546 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
547 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
548 { SMB_VFS_OP_STATVFS, "statvfs" },
549 { SMB_VFS_OP_OPENDIR, "opendir" },
550 { SMB_VFS_OP_READDIR, "readdir" },
551 { SMB_VFS_OP_SEEKDIR, "seekdir" },
552 { SMB_VFS_OP_TELLDIR, "telldir" },
553 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
554 { SMB_VFS_OP_MKDIR, "mkdir" },
555 { SMB_VFS_OP_RMDIR, "rmdir" },
556 { SMB_VFS_OP_CLOSEDIR, "closedir" },
557 { SMB_VFS_OP_OPEN, "open" },
558 { SMB_VFS_OP_CLOSE, "close" },
559 { SMB_VFS_OP_READ, "read" },
560 { SMB_VFS_OP_PREAD, "pread" },
561 { SMB_VFS_OP_WRITE, "write" },
562 { SMB_VFS_OP_PWRITE, "pwrite" },
563 { SMB_VFS_OP_LSEEK, "lseek" },
564 { SMB_VFS_OP_SENDFILE, "sendfile" },
565 { SMB_VFS_OP_RENAME, "rename" },
566 { SMB_VFS_OP_FSYNC, "fsync" },
567 { SMB_VFS_OP_STAT, "stat" },
568 { SMB_VFS_OP_FSTAT, "fstat" },
569 { SMB_VFS_OP_LSTAT, "lstat" },
570 { SMB_VFS_OP_UNLINK, "unlink" },
571 { SMB_VFS_OP_CHMOD, "chmod" },
572 { SMB_VFS_OP_FCHMOD, "fchmod" },
573 { SMB_VFS_OP_CHOWN, "chown" },
574 { SMB_VFS_OP_FCHOWN, "fchown" },
575 { SMB_VFS_OP_LCHOWN, "lchown" },
576 { SMB_VFS_OP_CHDIR, "chdir" },
577 { SMB_VFS_OP_GETWD, "getwd" },
578 { SMB_VFS_OP_NTIMES, "ntimes" },
579 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
580 { SMB_VFS_OP_LOCK, "lock" },
581 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
582 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
583 { SMB_VFS_OP_GETLOCK, "getlock" },
584 { SMB_VFS_OP_SYMLINK, "symlink" },
585 { SMB_VFS_OP_READLINK, "readlink" },
586 { SMB_VFS_OP_LINK, "link" },
587 { SMB_VFS_OP_MKNOD, "mknod" },
588 { SMB_VFS_OP_REALPATH, "realpath" },
589 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
590 { SMB_VFS_OP_CHFLAGS, "chflags" },
591 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
592 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
593 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
594 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
595 { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" },
596 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
597 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
598 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
599 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
600 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
601 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
602 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
603 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
604 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
605 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
606 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
607 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
608 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
609 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
610 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
611 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
612 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
613 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
614 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
615 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
616 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
617 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
618 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
619 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
620 { SMB_VFS_OP_GETXATTR, "getxattr" },
621 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
622 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
623 { SMB_VFS_OP_LISTXATTR, "listxattr" },
624 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
625 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
626 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
627 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
628 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
629 { SMB_VFS_OP_SETXATTR, "setxattr" },
630 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
631 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
632 { SMB_VFS_OP_AIO_READ, "aio_read" },
633 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
634 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
635 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
636 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
637 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
638 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
639 { SMB_VFS_OP_LAST, NULL }
642 static int audit_syslog_facility(vfs_handle_struct *handle)
644 static const struct enum_list enum_log_facilities[] = {
645 { LOG_USER, "USER" },
646 { LOG_LOCAL0, "LOCAL0" },
647 { LOG_LOCAL1, "LOCAL1" },
648 { LOG_LOCAL2, "LOCAL2" },
649 { LOG_LOCAL3, "LOCAL3" },
650 { LOG_LOCAL4, "LOCAL4" },
651 { LOG_LOCAL5, "LOCAL5" },
652 { LOG_LOCAL6, "LOCAL6" },
653 { LOG_LOCAL7, "LOCAL7" }
658 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
663 static int audit_syslog_priority(vfs_handle_struct *handle)
665 static const struct enum_list enum_log_priorities[] = {
666 { LOG_EMERG, "EMERG" },
667 { LOG_ALERT, "ALERT" },
668 { LOG_CRIT, "CRIT" },
670 { LOG_WARNING, "WARNING" },
671 { LOG_NOTICE, "NOTICE" },
672 { LOG_INFO, "INFO" },
673 { LOG_DEBUG, "DEBUG" }
678 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority", enum_log_priorities, LOG_NOTICE);
683 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
687 prefix = talloc_strdup(ctx,
688 lp_parm_const_string(SNUM(conn), "full_audit",
693 return talloc_sub_advanced(ctx,
694 lp_servicename(SNUM(conn)), conn->user,
695 conn->connectpath, conn->gid,
696 get_current_username(),
697 current_user_info.domain,
701 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
703 struct vfs_full_audit_private_data *pd = NULL;
705 SMB_VFS_HANDLE_GET_DATA(handle, pd,
706 struct vfs_full_audit_private_data,
709 if (pd->success_ops == NULL) {
713 return bitmap_query(pd->success_ops, op);
716 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
718 struct vfs_full_audit_private_data *pd = NULL;
720 SMB_VFS_HANDLE_GET_DATA(handle, pd,
721 struct vfs_full_audit_private_data,
724 if (pd->failure_ops == NULL)
727 return bitmap_query(pd->failure_ops, op);
730 static void init_bitmap(struct bitmap **bm, const char **ops)
732 bool log_all = False;
737 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
740 DEBUG(0, ("Could not alloc bitmap -- "
741 "defaulting to logging everything\n"));
745 while (*ops != NULL) {
749 if (strequal(*ops, "all")) {
754 if (strequal(*ops, "none")) {
758 for (i=0; i<SMB_VFS_OP_LAST; i++) {
759 if (vfs_op_names[i].name == NULL) {
760 smb_panic("vfs_full_audit.c: name table not "
761 "in sync with vfs.h\n");
764 if (strequal(*ops, vfs_op_names[i].name)) {
770 DEBUG(0, ("Could not find opname %s, logging all\n",
779 /* The query functions default to True */
785 static const char *audit_opname(vfs_op_type op)
787 if (op >= SMB_VFS_OP_LAST)
788 return "INVALID VFS OP";
789 return vfs_op_names[op].name;
792 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
793 const char *format, ...)
796 char *audit_pre = NULL;
800 if (success && (!log_success(handle, op)))
803 if (!success && (!log_failure(handle, op)))
807 fstrcpy(err_msg, "ok");
809 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
811 va_start(ap, format);
812 op_msg = talloc_vasprintf(NULL, format, ap);
819 audit_pre = audit_prefix(NULL, handle->conn);
820 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
821 audit_pre ? audit_pre : "",
822 audit_opname(op), err_msg, op_msg);
824 TALLOC_FREE(audit_pre);
830 /* Free function for the private data. */
832 static void free_private_data(void **p_data)
834 struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
836 if (pd->success_ops) {
837 bitmap_free(pd->success_ops);
839 if (pd->failure_ops) {
840 bitmap_free(pd->failure_ops);
846 /* Implementation of vfs_ops. Pass everything on to the default
847 operation but log event first. */
849 static int smb_full_audit_connect(vfs_handle_struct *handle,
850 const char *svc, const char *user)
853 struct vfs_full_audit_private_data *pd = NULL;
854 const char *none[] = { NULL };
855 const char *all [] = { "all" };
861 pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
867 openlog("smbd_audit", 0, audit_syslog_facility(handle));
869 init_bitmap(&pd->success_ops,
870 lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
872 init_bitmap(&pd->failure_ops,
873 lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
876 /* Store the private data. */
877 SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
878 struct vfs_full_audit_private_data, return -1);
880 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
882 do_log(SMB_VFS_OP_CONNECT, True, handle,
888 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
890 SMB_VFS_NEXT_DISCONNECT(handle);
892 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
893 "%s", lp_servicename(SNUM(handle->conn)));
895 /* The bitmaps will be disconnected when the private
901 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
903 bool small_query, SMB_BIG_UINT *bsize,
904 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
908 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
911 /* Don't have a reasonable notion of failure here */
913 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
918 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
919 enum SMB_QUOTA_TYPE qtype, unid_t id,
924 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
926 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
932 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
933 enum SMB_QUOTA_TYPE qtype, unid_t id,
938 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
940 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
945 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
946 struct files_struct *fsp,
947 SHADOW_COPY_DATA *shadow_copy_data, bool labels)
951 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
953 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
958 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
960 struct vfs_statvfs_struct *statbuf)
964 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
966 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
971 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
972 const char *fname, const char *mask, uint32 attr)
974 SMB_STRUCT_DIR *result;
976 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
978 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
983 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
984 SMB_STRUCT_DIR *dirp)
986 SMB_STRUCT_DIRENT *result;
988 result = SMB_VFS_NEXT_READDIR(handle, dirp);
990 /* This operation has no reasonable error condition
991 * (End of dir is also failure), so always succeed.
993 do_log(SMB_VFS_OP_READDIR, True, handle, "");
998 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
999 SMB_STRUCT_DIR *dirp, long offset)
1001 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
1003 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
1007 static long smb_full_audit_telldir(vfs_handle_struct *handle,
1008 SMB_STRUCT_DIR *dirp)
1012 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
1014 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1019 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1020 SMB_STRUCT_DIR *dirp)
1022 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1024 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1028 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1029 const char *path, mode_t mode)
1033 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1035 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1040 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1045 result = SMB_VFS_NEXT_RMDIR(handle, path);
1047 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1052 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1053 SMB_STRUCT_DIR *dirp)
1057 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1059 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1064 static int smb_full_audit_open(vfs_handle_struct *handle,
1065 const char *fname, files_struct *fsp, int flags, mode_t mode)
1069 result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1071 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1072 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1078 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
1082 result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
1084 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1089 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1090 void *data, size_t n)
1094 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
1096 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1101 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1102 void *data, size_t n, SMB_OFF_T offset)
1106 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1108 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1113 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1114 const void *data, size_t n)
1118 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1120 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1125 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1126 const void *data, size_t n,
1131 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1133 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1138 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1139 SMB_OFF_T offset, int whence)
1143 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1145 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1146 "%s", fsp->fsp_name);
1151 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1152 files_struct *fromfsp,
1153 const DATA_BLOB *hdr, SMB_OFF_T offset,
1158 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1160 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1161 "%s", fromfsp->fsp_name);
1166 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1167 files_struct *fsp, int tofd,
1173 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, fsp, tofd,
1176 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1177 "%s", fsp->fsp_name);
1182 static int smb_full_audit_rename(vfs_handle_struct *handle,
1183 const char *oldname, const char *newname)
1187 result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1189 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1194 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1198 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1200 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1205 static int smb_full_audit_stat(vfs_handle_struct *handle,
1206 const char *fname, SMB_STRUCT_STAT *sbuf)
1210 result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1212 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1217 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1218 SMB_STRUCT_STAT *sbuf)
1222 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1224 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1229 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1230 const char *path, SMB_STRUCT_STAT *sbuf)
1234 result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1236 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1241 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1246 result = SMB_VFS_NEXT_UNLINK(handle, path);
1248 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1253 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1254 const char *path, mode_t mode)
1258 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1260 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1265 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1270 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1272 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1273 "%s|%o", fsp->fsp_name, mode);
1278 static int smb_full_audit_chown(vfs_handle_struct *handle,
1279 const char *path, uid_t uid, gid_t gid)
1283 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1285 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1286 path, (long int)uid, (long int)gid);
1291 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1292 uid_t uid, gid_t gid)
1296 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1298 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1299 fsp->fsp_name, (long int)uid, (long int)gid);
1304 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1305 const char *path, uid_t uid, gid_t gid)
1309 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1311 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1312 path, (long int)uid, (long int)gid);
1317 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1322 result = SMB_VFS_NEXT_CHDIR(handle, path);
1324 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1329 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1334 result = SMB_VFS_NEXT_GETWD(handle, path);
1336 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1341 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1342 const char *path, const struct timespec ts[2])
1346 result = SMB_VFS_NEXT_NTIMES(handle, path, ts);
1348 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1353 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1358 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1360 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1361 "%s", fsp->fsp_name);
1366 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1367 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1371 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1373 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp->fsp_name);
1378 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1379 struct files_struct *fsp,
1384 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode);
1386 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1392 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1397 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1399 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1405 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1406 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1410 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1412 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp->fsp_name);
1417 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1418 const char *oldpath, const char *newpath)
1422 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1424 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1425 "%s|%s", oldpath, newpath);
1430 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1431 const char *path, char *buf, size_t bufsiz)
1435 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1437 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1442 static int smb_full_audit_link(vfs_handle_struct *handle,
1443 const char *oldpath, const char *newpath)
1447 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1449 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1450 "%s|%s", oldpath, newpath);
1455 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1456 const char *pathname, mode_t mode, SMB_DEV_T dev)
1460 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1462 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1467 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1468 const char *path, char *resolved_path)
1472 result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1474 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1479 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1480 struct sys_notify_context *ctx,
1481 struct notify_entry *e,
1482 void (*callback)(struct sys_notify_context *ctx,
1484 struct notify_event *ev),
1485 void *private_data, void *handle_p)
1489 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1491 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1496 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1497 const char *path, unsigned int flags)
1501 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1503 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1508 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1509 SMB_DEV_T dev, SMB_INO_T inode)
1511 struct file_id id_zero;
1512 struct file_id result;
1514 ZERO_STRUCT(id_zero);
1516 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode);
1518 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1519 !file_id_equal(&id_zero, &result),
1520 handle, "%s", file_id_string_tos(&result));
1525 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1526 uint32 security_info,
1531 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1533 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1534 "%s", fsp->fsp_name);
1539 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1542 uint32 security_info,
1547 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1549 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1550 "%s", fsp->fsp_name);
1555 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1556 uint32 security_info_sent,
1561 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1563 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1568 static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1569 const char *name, uint32 security_info_sent,
1574 result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1577 do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1582 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1583 const char *path, mode_t mode)
1587 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1589 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1590 "%s|%o", path, mode);
1595 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1600 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1602 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1603 "%s|%o", fsp->fsp_name, mode);
1608 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1610 SMB_ACL_T theacl, int entry_id,
1611 SMB_ACL_ENTRY_T *entry_p)
1615 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1618 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1624 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1626 SMB_ACL_ENTRY_T entry_d,
1627 SMB_ACL_TAG_T *tag_type_p)
1631 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1634 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1640 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1642 SMB_ACL_ENTRY_T entry_d,
1643 SMB_ACL_PERMSET_T *permset_p)
1647 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1650 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1656 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1658 SMB_ACL_ENTRY_T entry_d)
1662 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1664 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1670 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1672 SMB_ACL_TYPE_T type)
1676 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1678 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1684 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1689 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1691 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1692 "%s", fsp->fsp_name);
1697 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1699 SMB_ACL_PERMSET_T permset)
1703 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1705 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1711 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1713 SMB_ACL_PERMSET_T permset,
1714 SMB_ACL_PERM_T perm)
1718 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1720 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1726 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1732 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1734 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1740 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1746 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1748 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1754 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1756 SMB_ACL_ENTRY_T *pentry)
1760 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1762 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1768 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1770 SMB_ACL_ENTRY_T entry,
1771 SMB_ACL_TAG_T tagtype)
1775 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1778 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1784 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1786 SMB_ACL_ENTRY_T entry,
1791 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1793 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1799 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1801 SMB_ACL_ENTRY_T entry,
1802 SMB_ACL_PERMSET_T permset)
1806 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1808 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1814 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1820 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1822 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1828 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1830 const char *name, SMB_ACL_TYPE_T acltype,
1835 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1838 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1844 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1849 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1851 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1852 "%s", fsp->fsp_name);
1857 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1863 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1865 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1871 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1873 SMB_ACL_PERMSET_T permset,
1874 SMB_ACL_PERM_T perm)
1878 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
1880 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1886 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1892 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
1894 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1900 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1902 SMB_ACL_T posix_acl)
1906 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
1908 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1914 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1916 SMB_ACL_TAG_T tagtype)
1920 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
1923 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1929 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1931 const char *name, void *value, size_t size)
1935 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1937 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1938 "%s|%s", path, name);
1943 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1944 const char *path, const char *name,
1945 void *value, size_t size)
1949 result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
1951 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1952 "%s|%s", path, name);
1957 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1958 struct files_struct *fsp,
1959 const char *name, void *value, size_t size)
1963 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
1965 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1966 "%s|%s", fsp->fsp_name, name);
1971 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1972 const char *path, char *list, size_t size)
1976 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1978 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1983 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1984 const char *path, char *list, size_t size)
1988 result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
1990 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1995 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1996 struct files_struct *fsp, char *list,
2001 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2003 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2004 "%s", fsp->fsp_name);
2009 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2015 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2017 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2018 "%s|%s", path, name);
2023 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
2029 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
2031 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
2032 "%s|%s", path, name);
2037 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2038 struct files_struct *fsp,
2043 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2045 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2046 "%s|%s", fsp->fsp_name, name);
2051 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2053 const char *name, const void *value, size_t size,
2058 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2061 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2062 "%s|%s", path, name);
2067 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2069 const char *name, const void *value, size_t size,
2074 result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2077 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2078 "%s|%s", path, name);
2083 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2084 struct files_struct *fsp, const char *name,
2085 const void *value, size_t size, int flags)
2089 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2091 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2092 "%s|%s", fsp->fsp_name, name);
2097 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2101 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2102 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2103 "%s", fsp->fsp_name);
2108 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2112 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2113 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2114 "%s", fsp->fsp_name);
2119 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2123 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2124 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2125 "%s", fsp->fsp_name);
2130 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2134 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, aiocb);
2135 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2136 "%s", fsp->fsp_name);
2141 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2145 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2146 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2147 "%s", fsp->fsp_name);
2152 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2156 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2157 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2158 "%s", fsp->fsp_name);
2163 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2167 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2168 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2169 "%s", fsp->fsp_name);
2175 NTSTATUS vfs_full_audit_init(void);
2176 NTSTATUS vfs_full_audit_init(void)
2178 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2179 "full_audit", audit_op_tuples);
2181 if (!NT_STATUS_IS_OK(ret))
2184 vfs_full_audit_debug_level = debug_add_class("full_audit");
2185 if (vfs_full_audit_debug_level == -1) {
2186 vfs_full_audit_debug_level = DBGC_VFS;
2187 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2190 DEBUG(10, ("vfs_full_audit: Debug class number of "
2191 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / vlendec / samba-autobuild / .git / blob