static int smb_full_audit_connect(vfs_handle_struct *handle,
const char *svc, const char *user);
static void smb_full_audit_disconnect(vfs_handle_struct *handle);
-static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
+static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
const char *path,
- bool small_query, SMB_BIG_UINT *bsize,
- SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
+ bool small_query, uint64_t *bsize,
+ uint64_t *dfree, uint64_t *dsize);
static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
enum SMB_QUOTA_TYPE qtype, unid_t id,
SMB_DISK_QUOTA *qt);
SMB_STRUCT_DIR *dirp);
static int smb_full_audit_open(vfs_handle_struct *handle,
const char *fname, files_struct *fsp, int flags, mode_t mode);
+static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
+ struct smb_request *req,
+ uint16_t root_dir_fid,
+ const char *fname,
+ uint32_t create_file_flags,
+ uint32_t access_mask,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ uint32_t file_attributes,
+ uint32_t oplock_request,
+ uint64_t allocation_size,
+ struct security_descriptor *sd,
+ struct ea_list *ea_list,
+ files_struct **result,
+ int *pinfo,
+ SMB_STRUCT_STAT *psbuf);
static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp);
static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
void *data, size_t n);
static char *smb_full_audit_getwd(vfs_handle_struct *handle,
char *path);
static int smb_full_audit_ntimes(vfs_handle_struct *handle,
- const char *path, const struct timespec ts[2]);
+ const char *path, struct smb_file_time *ft);
static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
SMB_OFF_T len);
static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
TALLOC_CTX *mem_ctx,
unsigned int *pnum_streams,
struct stream_struct **pstreams);
+static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
+ const char *path,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ char **found_name);
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc);
-static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
const char *name, uint32 security_info,
SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
- SEC_DESC *psd);
+ const SEC_DESC *psd);
static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
const char *path, mode_t mode);
static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
{SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
SMB_VFS_LAYER_LOGGER},
+ {SMB_VFS_OP(smb_full_audit_create_file),SMB_VFS_OP_CREATE_FILE,
+ SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_streaminfo), SMB_VFS_OP_STREAMINFO,
SMB_VFS_LAYER_LOGGER},
+ {SMB_VFS_OP(smb_full_audit_get_real_filename), SMB_VFS_OP_GET_REAL_FILENAME,
+ SMB_VFS_LAYER_LOGGER},
/* NT ACL operations. */
{ SMB_VFS_OP_RMDIR, "rmdir" },
{ SMB_VFS_OP_CLOSEDIR, "closedir" },
{ SMB_VFS_OP_OPEN, "open" },
+ { SMB_VFS_OP_CREATE_FILE, "create_file" },
{ SMB_VFS_OP_CLOSE, "close" },
{ SMB_VFS_OP_READ, "read" },
{ SMB_VFS_OP_PREAD, "pread" },
{ SMB_VFS_OP_PWRITE, "pwrite" },
{ SMB_VFS_OP_LSEEK, "lseek" },
{ SMB_VFS_OP_SENDFILE, "sendfile" },
+ { SMB_VFS_OP_RECVFILE, "recvfile" },
{ SMB_VFS_OP_RENAME, "rename" },
{ SMB_VFS_OP_FSYNC, "fsync" },
{ SMB_VFS_OP_STAT, "stat" },
{ SMB_VFS_OP_CHFLAGS, "chflags" },
{ SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
{ SMB_VFS_OP_STREAMINFO, "streaminfo" },
+ { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
{ SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
{ SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
{ SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
{
char *prefix = NULL;
+ char *result;
prefix = talloc_strdup(ctx,
lp_parm_const_string(SNUM(conn), "full_audit",
if (!prefix) {
return NULL;
}
- return talloc_sub_advanced(ctx,
+ result = talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
prefix);
+ TALLOC_FREE(prefix);
+ return result;
}
static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
va_start(ap, format);
- op_msg = talloc_vasprintf(NULL, format, ap);
+ op_msg = talloc_vasprintf(talloc_tos(), format, ap);
va_end(ap);
if (!op_msg) {
return;
}
- audit_pre = audit_prefix(NULL, handle->conn);
+ audit_pre = audit_prefix(talloc_tos(), handle->conn);
syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
audit_pre ? audit_pre : "",
audit_opname(op), err_msg, op_msg);
return;
}
-static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
+static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
const char *path,
- bool small_query, SMB_BIG_UINT *bsize,
- SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+ bool small_query, uint64_t *bsize,
+ uint64_t *dfree, uint64_t *dsize)
{
- SMB_BIG_UINT result;
+ uint64_t result;
result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
dfree, dsize);
return result;
}
+static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
+ struct smb_request *req,
+ uint16_t root_dir_fid,
+ const char *fname,
+ uint32_t create_file_flags,
+ uint32_t access_mask,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ uint32_t file_attributes,
+ uint32_t oplock_request,
+ uint64_t allocation_size,
+ struct security_descriptor *sd,
+ struct ea_list *ea_list,
+ files_struct **result_fsp,
+ int *pinfo,
+ SMB_STRUCT_STAT *psbuf)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_CREATE_FILE(
+ handle, /* handle */
+ req, /* req */
+ root_dir_fid, /* root_dir_fid */
+ fname, /* fname */
+ create_file_flags, /* create_file_flags */
+ access_mask, /* access_mask */
+ share_access, /* share_access */
+ create_disposition, /* create_disposition*/
+ create_options, /* create_options */
+ file_attributes, /* file_attributes */
+ oplock_request, /* oplock_request */
+ allocation_size, /* allocation_size */
+ sd, /* sd */
+ ea_list, /* ea_list */
+ result_fsp, /* result */
+ pinfo, /* pinfo */
+ psbuf); /* psbuf */
+
+ do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s",
+ access_mask, fname);
+
+ return result;
+}
+
static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
{
int result;
}
static int smb_full_audit_ntimes(vfs_handle_struct *handle,
- const char *path, const struct timespec ts[2])
+ const char *path, struct smb_file_time *ft)
{
int result;
- result = SMB_VFS_NEXT_NTIMES(handle, path, ts);
+ result = SMB_VFS_NEXT_NTIMES(handle, path, ft);
do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
return result;
}
+static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
+ const char *path,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ char **found_name)
+{
+ int result;
+
+ result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
+ found_name);
+
+ do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
+ "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
+
+ return result;
+}
+
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc)
}
static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp,
const char *name,
uint32 security_info,
SEC_DESC **ppdesc)
result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
- "%s", fsp->fsp_name);
+ "%s", name);
return result;
}
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
- SEC_DESC *psd)
+ const SEC_DESC *psd)
{
NTSTATUS result;