#include "includes.h"
-extern userdom_struct current_user_info;
-
static int vfs_full_audit_debug_level = DBGC_VFS;
struct vfs_full_audit_private_data {
static int smb_full_audit_connect(vfs_handle_struct *handle,
const char *svc, const char *user);
static void smb_full_audit_disconnect(vfs_handle_struct *handle);
-static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
+static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
const char *path,
- bool small_query, SMB_BIG_UINT *bsize,
- SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
+ bool small_query, uint64_t *bsize,
+ uint64_t *dfree, uint64_t *dsize);
static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
enum SMB_QUOTA_TYPE qtype, unid_t id,
SMB_DISK_QUOTA *qt);
SMB_STRUCT_DIR *dirp);
static int smb_full_audit_open(vfs_handle_struct *handle,
const char *fname, files_struct *fsp, int flags, mode_t mode);
-static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
+static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
+ struct smb_request *req,
+ uint16_t root_dir_fid,
+ const char *fname,
+ uint32_t create_file_flags,
+ uint32_t access_mask,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ uint32_t file_attributes,
+ uint32_t oplock_request,
+ uint64_t allocation_size,
+ struct security_descriptor *sd,
+ struct ea_list *ea_list,
+ files_struct **result,
+ int *pinfo,
+ SMB_STRUCT_STAT *psbuf);
+static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp);
static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
void *data, size_t n);
static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
static char *smb_full_audit_getwd(vfs_handle_struct *handle,
char *path);
static int smb_full_audit_ntimes(vfs_handle_struct *handle,
- const char *path, const struct timespec ts[2]);
+ const char *path, struct smb_file_time *ft);
static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
SMB_OFF_T len);
static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
const char *path, unsigned int flags);
static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
SMB_DEV_T dev, SMB_INO_T inode);
+static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *fname,
+ TALLOC_CTX *mem_ctx,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams);
+static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
+ const char *path,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ char **found_name);
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc);
-static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
const char *name, uint32 security_info,
SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
- SEC_DESC *psd);
-static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- const char *name, uint32 security_info_sent,
- SEC_DESC *psd);
+ const SEC_DESC *psd);
static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
const char *path, mode_t mode);
static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
{SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
SMB_VFS_LAYER_LOGGER},
+ {SMB_VFS_OP(smb_full_audit_create_file),SMB_VFS_OP_CREATE_FILE,
+ SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_file_id_create), SMB_VFS_OP_FILE_ID_CREATE,
SMB_VFS_LAYER_LOGGER},
+ {SMB_VFS_OP(smb_full_audit_streaminfo), SMB_VFS_OP_STREAMINFO,
+ SMB_VFS_LAYER_LOGGER},
+ {SMB_VFS_OP(smb_full_audit_get_real_filename), SMB_VFS_OP_GET_REAL_FILENAME,
+ SMB_VFS_LAYER_LOGGER},
/* NT ACL operations. */
SMB_VFS_LAYER_LOGGER},
{SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
SMB_VFS_LAYER_LOGGER},
- {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
- SMB_VFS_LAYER_LOGGER},
/* POSIX ACL operations. */
{ SMB_VFS_OP_SET_QUOTA, "set_quota" },
{ SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
{ SMB_VFS_OP_STATVFS, "statvfs" },
+ { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
{ SMB_VFS_OP_OPENDIR, "opendir" },
{ SMB_VFS_OP_READDIR, "readdir" },
{ SMB_VFS_OP_SEEKDIR, "seekdir" },
{ SMB_VFS_OP_RMDIR, "rmdir" },
{ SMB_VFS_OP_CLOSEDIR, "closedir" },
{ SMB_VFS_OP_OPEN, "open" },
+ { SMB_VFS_OP_CREATE_FILE, "create_file" },
{ SMB_VFS_OP_CLOSE, "close" },
{ SMB_VFS_OP_READ, "read" },
{ SMB_VFS_OP_PREAD, "pread" },
{ SMB_VFS_OP_PWRITE, "pwrite" },
{ SMB_VFS_OP_LSEEK, "lseek" },
{ SMB_VFS_OP_SENDFILE, "sendfile" },
+ { SMB_VFS_OP_RECVFILE, "recvfile" },
{ SMB_VFS_OP_RENAME, "rename" },
{ SMB_VFS_OP_FSYNC, "fsync" },
{ SMB_VFS_OP_STAT, "stat" },
{ SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
{ SMB_VFS_OP_CHFLAGS, "chflags" },
{ SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
+ { SMB_VFS_OP_STREAMINFO, "streaminfo" },
+ { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
{ SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
{ SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
{ SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
- { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" },
{ SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
{ SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
{ SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
{ SMB_VFS_OP_AIO_ERROR, "aio_error" },
{ SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
{ SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
+ { SMB_VFS_OP_AIO_FORCE, "aio_force" },
+ { SMB_VFS_OP_IS_OFFLINE, "aio_is_offline" },
+ { SMB_VFS_OP_SET_OFFLINE, "aio_set_offline" },
{ SMB_VFS_OP_LAST, NULL }
};
int priority;
- priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority", enum_log_priorities, LOG_NOTICE);
+ priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
+ enum_log_priorities, LOG_NOTICE);
+ if (priority == -1) {
+ priority = LOG_WARNING;
+ }
return priority;
}
static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
{
char *prefix = NULL;
+ char *result;
prefix = talloc_strdup(ctx,
lp_parm_const_string(SNUM(conn), "full_audit",
if (!prefix) {
return NULL;
}
- return talloc_sub_advanced(ctx,
- lp_servicename(SNUM(conn)), conn->user,
- conn->connectpath, conn->gid,
- get_current_username(),
- current_user_info.domain,
+ result = talloc_sub_advanced(ctx,
+ lp_servicename(SNUM(conn)),
+ conn->server_info->unix_name,
+ conn->connectpath,
+ conn->server_info->utok.gid,
+ conn->server_info->sanitized_username,
+ pdb_get_domain(conn->server_info->sam_account),
prefix);
+ TALLOC_FREE(prefix);
+ return result;
}
static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
va_start(ap, format);
- op_msg = talloc_vasprintf(NULL, format, ap);
+ op_msg = talloc_vasprintf(talloc_tos(), format, ap);
va_end(ap);
if (!op_msg) {
return;
}
- audit_pre = audit_prefix(NULL, handle->conn);
+ audit_pre = audit_prefix(talloc_tos(), handle->conn);
syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
audit_pre ? audit_pre : "",
audit_opname(op), err_msg, op_msg);
return;
}
-static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
+static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
const char *path,
- bool small_query, SMB_BIG_UINT *bsize,
- SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
+ bool small_query, uint64_t *bsize,
+ uint64_t *dfree, uint64_t *dsize)
{
- SMB_BIG_UINT result;
+ uint64_t result;
result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
dfree, dsize);
return result;
}
-static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
+static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
+ struct smb_request *req,
+ uint16_t root_dir_fid,
+ const char *fname,
+ uint32_t create_file_flags,
+ uint32_t access_mask,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ uint32_t file_attributes,
+ uint32_t oplock_request,
+ uint64_t allocation_size,
+ struct security_descriptor *sd,
+ struct ea_list *ea_list,
+ files_struct **result_fsp,
+ int *pinfo,
+ SMB_STRUCT_STAT *psbuf)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_CREATE_FILE(
+ handle, /* handle */
+ req, /* req */
+ root_dir_fid, /* root_dir_fid */
+ fname, /* fname */
+ create_file_flags, /* create_file_flags */
+ access_mask, /* access_mask */
+ share_access, /* share_access */
+ create_disposition, /* create_disposition*/
+ create_options, /* create_options */
+ file_attributes, /* file_attributes */
+ oplock_request, /* oplock_request */
+ allocation_size, /* allocation_size */
+ sd, /* sd */
+ ea_list, /* ea_list */
+ result_fsp, /* result */
+ pinfo, /* pinfo */
+ psbuf); /* psbuf */
+
+ do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s",
+ access_mask, fname);
+
+ return result;
+}
+
+static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
{
int result;
- result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
+ result = SMB_VFS_NEXT_CLOSE(handle, fsp);
do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
}
static int smb_full_audit_ntimes(vfs_handle_struct *handle,
- const char *path, const struct timespec ts[2])
+ const char *path, struct smb_file_time *ft)
{
int result;
- result = SMB_VFS_NEXT_NTIMES(handle, path, ts);
+ result = SMB_VFS_NEXT_NTIMES(handle, path, ft);
do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
return result;
}
+static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *fname,
+ TALLOC_CTX *mem_ctx,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams)
+{
+ NTSTATUS result;
+
+ result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
+ pnum_streams, pstreams);
+
+ do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
+ "%s", fname);
+
+ return result;
+}
+
+static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
+ const char *path,
+ const char *name,
+ TALLOC_CTX *mem_ctx,
+ char **found_name)
+{
+ int result;
+
+ result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
+ found_name);
+
+ do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
+ "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
+
+ return result;
+}
+
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc)
}
static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp,
const char *name,
uint32 security_info,
SEC_DESC **ppdesc)
result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
- "%s", fsp->fsp_name);
+ "%s", name);
return result;
}
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
- SEC_DESC *psd)
+ const SEC_DESC *psd)
{
NTSTATUS result;
return result;
}
-static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- const char *name, uint32 security_info_sent,
- SEC_DESC *psd)
-{
- NTSTATUS result;
-
- result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
- psd);
-
- do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
-
- return result;
-}
-
static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
const char *path, mode_t mode)
{