2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
62 static int vfs_full_audit_debug_level = DBGC_VFS;
64 struct vfs_full_audit_private_data {
65 struct bitmap *success_ops;
66 struct bitmap *failure_ops;
70 #define DBGC_CLASS vfs_full_audit_debug_level
72 /* Function prototypes */
74 static int smb_full_audit_connect(vfs_handle_struct *handle,
75 const char *svc, const char *user);
76 static void smb_full_audit_disconnect(vfs_handle_struct *handle);
77 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
79 bool small_query, uint64_t *bsize,
80 uint64_t *dfree, uint64_t *dsize);
81 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
82 enum SMB_QUOTA_TYPE qtype, unid_t id,
84 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
85 enum SMB_QUOTA_TYPE qtype, unid_t id,
87 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
88 struct files_struct *fsp,
89 SHADOW_COPY_DATA *shadow_copy_data, bool labels);
90 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
92 struct vfs_statvfs_struct *statbuf);
94 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
95 const char *fname, const char *mask, uint32 attr);
96 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
97 SMB_STRUCT_DIR *dirp);
98 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
99 SMB_STRUCT_DIR *dirp, long offset);
100 static long smb_full_audit_telldir(vfs_handle_struct *handle,
101 SMB_STRUCT_DIR *dirp);
102 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
103 SMB_STRUCT_DIR *dirp);
104 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
105 const char *path, mode_t mode);
106 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
108 static int smb_full_audit_closedir(vfs_handle_struct *handle,
109 SMB_STRUCT_DIR *dirp);
110 static int smb_full_audit_open(vfs_handle_struct *handle,
111 const char *fname, files_struct *fsp, int flags, mode_t mode);
112 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
113 struct smb_request *req,
114 uint16_t root_dir_fid,
116 uint32_t create_file_flags,
117 uint32_t access_mask,
118 uint32_t share_access,
119 uint32_t create_disposition,
120 uint32_t create_options,
121 uint32_t file_attributes,
122 uint32_t oplock_request,
123 uint64_t allocation_size,
124 struct security_descriptor *sd,
125 struct ea_list *ea_list,
126 files_struct **result,
128 SMB_STRUCT_STAT *psbuf);
129 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp);
130 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
131 void *data, size_t n);
132 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
133 void *data, size_t n, SMB_OFF_T offset);
134 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
135 const void *data, size_t n);
136 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
137 const void *data, size_t n,
139 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
140 SMB_OFF_T offset, int whence);
141 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
142 files_struct *fromfsp,
143 const DATA_BLOB *hdr, SMB_OFF_T offset,
145 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
149 static int smb_full_audit_rename(vfs_handle_struct *handle,
150 const char *oldname, const char *newname);
151 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp);
152 static int smb_full_audit_stat(vfs_handle_struct *handle,
153 const char *fname, SMB_STRUCT_STAT *sbuf);
154 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
155 SMB_STRUCT_STAT *sbuf);
156 static int smb_full_audit_lstat(vfs_handle_struct *handle,
157 const char *path, SMB_STRUCT_STAT *sbuf);
158 static int smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
159 files_struct *fsp, const SMB_STRUCT_STAT *sbuf);
160 static int smb_full_audit_unlink(vfs_handle_struct *handle,
162 static int smb_full_audit_chmod(vfs_handle_struct *handle,
163 const char *path, mode_t mode);
164 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
166 static int smb_full_audit_chown(vfs_handle_struct *handle,
167 const char *path, uid_t uid, gid_t gid);
168 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
169 uid_t uid, gid_t gid);
170 static int smb_full_audit_lchown(vfs_handle_struct *handle,
171 const char *path, uid_t uid, gid_t gid);
172 static int smb_full_audit_chdir(vfs_handle_struct *handle,
174 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
176 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
177 const char *path, struct smb_file_time *ft);
178 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
180 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
181 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
182 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
183 struct files_struct *fsp,
185 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
187 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
188 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid);
189 static int smb_full_audit_symlink(vfs_handle_struct *handle,
190 const char *oldpath, const char *newpath);
191 static int smb_full_audit_readlink(vfs_handle_struct *handle,
192 const char *path, char *buf, size_t bufsiz);
193 static int smb_full_audit_link(vfs_handle_struct *handle,
194 const char *oldpath, const char *newpath);
195 static int smb_full_audit_mknod(vfs_handle_struct *handle,
196 const char *pathname, mode_t mode, SMB_DEV_T dev);
197 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
198 const char *path, char *resolved_path);
199 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
200 struct sys_notify_context *ctx,
201 struct notify_entry *e,
202 void (*callback)(struct sys_notify_context *ctx,
204 struct notify_event *ev),
205 void *private_data, void *handle_p);
206 static int smb_full_audit_chflags(vfs_handle_struct *handle,
207 const char *path, unsigned int flags);
208 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
209 SMB_DEV_T dev, SMB_INO_T inode);
210 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
211 struct files_struct *fsp,
214 unsigned int *pnum_streams,
215 struct stream_struct **pstreams);
216 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
221 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
222 uint32 security_info,
224 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
225 const char *name, uint32 security_info,
227 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
228 uint32 security_info_sent,
229 const SEC_DESC *psd);
230 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
231 const char *path, mode_t mode);
232 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
234 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
235 SMB_ACL_T theacl, int entry_id,
236 SMB_ACL_ENTRY_T *entry_p);
237 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
238 SMB_ACL_ENTRY_T entry_d,
239 SMB_ACL_TAG_T *tag_type_p);
240 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
241 SMB_ACL_ENTRY_T entry_d,
242 SMB_ACL_PERMSET_T *permset_p);
243 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
244 SMB_ACL_ENTRY_T entry_d);
245 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
247 SMB_ACL_TYPE_T type);
248 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
250 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
251 SMB_ACL_PERMSET_T permset);
252 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
253 SMB_ACL_PERMSET_T permset,
254 SMB_ACL_PERM_T perm);
255 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
258 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
260 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
262 SMB_ACL_ENTRY_T *pentry);
263 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
264 SMB_ACL_ENTRY_T entry,
265 SMB_ACL_TAG_T tagtype);
266 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
267 SMB_ACL_ENTRY_T entry,
269 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
270 SMB_ACL_ENTRY_T entry,
271 SMB_ACL_PERMSET_T permset);
272 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
274 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
275 const char *name, SMB_ACL_TYPE_T acltype,
277 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
279 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
281 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
282 SMB_ACL_PERMSET_T permset,
283 SMB_ACL_PERM_T perm);
284 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
286 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
287 SMB_ACL_T posix_acl);
288 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
290 SMB_ACL_TAG_T tagtype);
291 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
293 const char *name, void *value, size_t size);
294 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
295 const char *path, const char *name,
296 void *value, size_t size);
297 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
298 struct files_struct *fsp,
299 const char *name, void *value, size_t size);
300 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
301 const char *path, char *list, size_t size);
302 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
303 const char *path, char *list, size_t size);
304 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
305 struct files_struct *fsp, char *list,
307 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
310 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
313 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
314 struct files_struct *fsp,
316 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
318 const char *name, const void *value, size_t size,
320 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
322 const char *name, const void *value, size_t size,
324 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
325 struct files_struct *fsp, const char *name,
326 const void *value, size_t size, int flags);
328 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
329 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
330 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
331 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
332 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
333 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
334 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
338 static vfs_op_tuple audit_op_tuples[] = {
340 /* Disk operations */
342 {SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
343 SMB_VFS_LAYER_LOGGER},
344 {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
345 SMB_VFS_LAYER_LOGGER},
346 {SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
347 SMB_VFS_LAYER_LOGGER},
348 {SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
349 SMB_VFS_LAYER_LOGGER},
350 {SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
351 SMB_VFS_LAYER_LOGGER},
352 {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
353 SMB_VFS_LAYER_LOGGER},
354 {SMB_VFS_OP(smb_full_audit_statvfs), SMB_VFS_OP_STATVFS,
355 SMB_VFS_LAYER_LOGGER},
357 /* Directory operations */
359 {SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
360 SMB_VFS_LAYER_LOGGER},
361 {SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
362 SMB_VFS_LAYER_LOGGER},
363 {SMB_VFS_OP(smb_full_audit_seekdir), SMB_VFS_OP_SEEKDIR,
364 SMB_VFS_LAYER_LOGGER},
365 {SMB_VFS_OP(smb_full_audit_telldir), SMB_VFS_OP_TELLDIR,
366 SMB_VFS_LAYER_LOGGER},
367 {SMB_VFS_OP(smb_full_audit_rewinddir), SMB_VFS_OP_REWINDDIR,
368 SMB_VFS_LAYER_LOGGER},
369 {SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
370 SMB_VFS_LAYER_LOGGER},
371 {SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
372 SMB_VFS_LAYER_LOGGER},
373 {SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
374 SMB_VFS_LAYER_LOGGER},
376 /* File operations */
378 {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
379 SMB_VFS_LAYER_LOGGER},
380 {SMB_VFS_OP(smb_full_audit_create_file),SMB_VFS_OP_CREATE_FILE,
381 SMB_VFS_LAYER_LOGGER},
382 {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
383 SMB_VFS_LAYER_LOGGER},
384 {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
385 SMB_VFS_LAYER_LOGGER},
386 {SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
387 SMB_VFS_LAYER_LOGGER},
388 {SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
389 SMB_VFS_LAYER_LOGGER},
390 {SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
391 SMB_VFS_LAYER_LOGGER},
392 {SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
393 SMB_VFS_LAYER_LOGGER},
394 {SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE,
395 SMB_VFS_LAYER_LOGGER},
396 {SMB_VFS_OP(smb_full_audit_recvfile), SMB_VFS_OP_RECVFILE,
397 SMB_VFS_LAYER_LOGGER},
398 {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME,
399 SMB_VFS_LAYER_LOGGER},
400 {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC,
401 SMB_VFS_LAYER_LOGGER},
402 {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT,
403 SMB_VFS_LAYER_LOGGER},
404 {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT,
405 SMB_VFS_LAYER_LOGGER},
406 {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT,
407 SMB_VFS_LAYER_LOGGER},
408 {SMB_VFS_OP(smb_full_audit_get_alloc_size), SMB_VFS_OP_GET_ALLOC_SIZE,
409 SMB_VFS_LAYER_LOGGER},
410 {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK,
411 SMB_VFS_LAYER_LOGGER},
412 {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD,
413 SMB_VFS_LAYER_LOGGER},
414 {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD,
415 SMB_VFS_LAYER_LOGGER},
416 {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN,
417 SMB_VFS_LAYER_LOGGER},
418 {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN,
419 SMB_VFS_LAYER_LOGGER},
420 {SMB_VFS_OP(smb_full_audit_lchown), SMB_VFS_OP_LCHOWN,
421 SMB_VFS_LAYER_LOGGER},
422 {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR,
423 SMB_VFS_LAYER_LOGGER},
424 {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD,
425 SMB_VFS_LAYER_LOGGER},
426 {SMB_VFS_OP(smb_full_audit_ntimes), SMB_VFS_OP_NTIMES,
427 SMB_VFS_LAYER_LOGGER},
428 {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
429 SMB_VFS_LAYER_LOGGER},
430 {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK,
431 SMB_VFS_LAYER_LOGGER},
432 {SMB_VFS_OP(smb_full_audit_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK,
433 SMB_VFS_LAYER_LOGGER},
434 {SMB_VFS_OP(smb_full_audit_linux_setlease), SMB_VFS_OP_LINUX_SETLEASE,
435 SMB_VFS_LAYER_LOGGER},
436 {SMB_VFS_OP(smb_full_audit_getlock), SMB_VFS_OP_GETLOCK,
437 SMB_VFS_LAYER_LOGGER},
438 {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK,
439 SMB_VFS_LAYER_LOGGER},
440 {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK,
441 SMB_VFS_LAYER_LOGGER},
442 {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK,
443 SMB_VFS_LAYER_LOGGER},
444 {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD,
445 SMB_VFS_LAYER_LOGGER},
446 {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH,
447 SMB_VFS_LAYER_LOGGER},
448 {SMB_VFS_OP(smb_full_audit_notify_watch),SMB_VFS_OP_NOTIFY_WATCH,
449 SMB_VFS_LAYER_LOGGER},
450 {SMB_VFS_OP(smb_full_audit_chflags), SMB_VFS_OP_CHFLAGS,
451 SMB_VFS_LAYER_LOGGER},
452 {SMB_VFS_OP(smb_full_audit_file_id_create), SMB_VFS_OP_FILE_ID_CREATE,
453 SMB_VFS_LAYER_LOGGER},
454 {SMB_VFS_OP(smb_full_audit_streaminfo), SMB_VFS_OP_STREAMINFO,
455 SMB_VFS_LAYER_LOGGER},
456 {SMB_VFS_OP(smb_full_audit_get_real_filename), SMB_VFS_OP_GET_REAL_FILENAME,
457 SMB_VFS_LAYER_LOGGER},
459 /* NT ACL operations. */
461 {SMB_VFS_OP(smb_full_audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
462 SMB_VFS_LAYER_LOGGER},
463 {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
464 SMB_VFS_LAYER_LOGGER},
465 {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
466 SMB_VFS_LAYER_LOGGER},
468 /* POSIX ACL operations. */
470 {SMB_VFS_OP(smb_full_audit_chmod_acl), SMB_VFS_OP_CHMOD_ACL,
471 SMB_VFS_LAYER_LOGGER},
472 {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
473 SMB_VFS_LAYER_LOGGER},
474 {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
475 SMB_VFS_LAYER_LOGGER},
476 {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
477 SMB_VFS_LAYER_LOGGER},
478 {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
479 SMB_VFS_LAYER_LOGGER},
480 {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
481 SMB_VFS_LAYER_LOGGER},
482 {SMB_VFS_OP(smb_full_audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
483 SMB_VFS_LAYER_LOGGER},
484 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
485 SMB_VFS_LAYER_LOGGER},
486 {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
487 SMB_VFS_LAYER_LOGGER},
488 {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
489 SMB_VFS_LAYER_LOGGER},
490 {SMB_VFS_OP(smb_full_audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
491 SMB_VFS_LAYER_LOGGER},
492 {SMB_VFS_OP(smb_full_audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
493 SMB_VFS_LAYER_LOGGER},
494 {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
495 SMB_VFS_LAYER_LOGGER},
496 {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
497 SMB_VFS_LAYER_LOGGER},
498 {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
499 SMB_VFS_LAYER_LOGGER},
500 {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
501 SMB_VFS_LAYER_LOGGER},
502 {SMB_VFS_OP(smb_full_audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
503 SMB_VFS_LAYER_LOGGER},
504 {SMB_VFS_OP(smb_full_audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
505 SMB_VFS_LAYER_LOGGER},
506 {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
507 SMB_VFS_LAYER_LOGGER},
508 {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
509 SMB_VFS_LAYER_LOGGER},
510 {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
511 SMB_VFS_LAYER_LOGGER},
512 {SMB_VFS_OP(smb_full_audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
513 SMB_VFS_LAYER_LOGGER},
514 {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
515 SMB_VFS_LAYER_LOGGER},
516 {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
517 SMB_VFS_LAYER_LOGGER},
521 {SMB_VFS_OP(smb_full_audit_getxattr), SMB_VFS_OP_GETXATTR,
522 SMB_VFS_LAYER_LOGGER},
523 {SMB_VFS_OP(smb_full_audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
524 SMB_VFS_LAYER_LOGGER},
525 {SMB_VFS_OP(smb_full_audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
526 SMB_VFS_LAYER_LOGGER},
527 {SMB_VFS_OP(smb_full_audit_listxattr), SMB_VFS_OP_LISTXATTR,
528 SMB_VFS_LAYER_LOGGER},
529 {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
530 SMB_VFS_LAYER_LOGGER},
531 {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
532 SMB_VFS_LAYER_LOGGER},
533 {SMB_VFS_OP(smb_full_audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
534 SMB_VFS_LAYER_LOGGER},
535 {SMB_VFS_OP(smb_full_audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
536 SMB_VFS_LAYER_LOGGER},
537 {SMB_VFS_OP(smb_full_audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
538 SMB_VFS_LAYER_LOGGER},
539 {SMB_VFS_OP(smb_full_audit_setxattr), SMB_VFS_OP_SETXATTR,
540 SMB_VFS_LAYER_LOGGER},
541 {SMB_VFS_OP(smb_full_audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
542 SMB_VFS_LAYER_LOGGER},
543 {SMB_VFS_OP(smb_full_audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
544 SMB_VFS_LAYER_LOGGER},
546 {SMB_VFS_OP(smb_full_audit_aio_read), SMB_VFS_OP_AIO_READ,
547 SMB_VFS_LAYER_LOGGER},
548 {SMB_VFS_OP(smb_full_audit_aio_write), SMB_VFS_OP_AIO_WRITE,
549 SMB_VFS_LAYER_LOGGER},
550 {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
551 SMB_VFS_LAYER_LOGGER},
552 {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
553 SMB_VFS_LAYER_LOGGER},
554 {SMB_VFS_OP(smb_full_audit_aio_error), SMB_VFS_OP_AIO_ERROR,
555 SMB_VFS_LAYER_LOGGER},
556 {SMB_VFS_OP(smb_full_audit_aio_fsync), SMB_VFS_OP_AIO_FSYNC,
557 SMB_VFS_LAYER_LOGGER},
558 {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
559 SMB_VFS_LAYER_LOGGER},
561 /* Finish VFS operations definition */
563 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
567 /* The following array *must* be in the same order as defined in vfs.h */
573 { SMB_VFS_OP_CONNECT, "connect" },
574 { SMB_VFS_OP_DISCONNECT, "disconnect" },
575 { SMB_VFS_OP_DISK_FREE, "disk_free" },
576 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
577 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
578 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
579 { SMB_VFS_OP_STATVFS, "statvfs" },
580 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
581 { SMB_VFS_OP_OPENDIR, "opendir" },
582 { SMB_VFS_OP_READDIR, "readdir" },
583 { SMB_VFS_OP_SEEKDIR, "seekdir" },
584 { SMB_VFS_OP_TELLDIR, "telldir" },
585 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
586 { SMB_VFS_OP_MKDIR, "mkdir" },
587 { SMB_VFS_OP_RMDIR, "rmdir" },
588 { SMB_VFS_OP_CLOSEDIR, "closedir" },
589 { SMB_VFS_OP_OPEN, "open" },
590 { SMB_VFS_OP_CREATE_FILE, "create_file" },
591 { SMB_VFS_OP_CLOSE, "close" },
592 { SMB_VFS_OP_READ, "read" },
593 { SMB_VFS_OP_PREAD, "pread" },
594 { SMB_VFS_OP_WRITE, "write" },
595 { SMB_VFS_OP_PWRITE, "pwrite" },
596 { SMB_VFS_OP_LSEEK, "lseek" },
597 { SMB_VFS_OP_SENDFILE, "sendfile" },
598 { SMB_VFS_OP_RECVFILE, "recvfile" },
599 { SMB_VFS_OP_RENAME, "rename" },
600 { SMB_VFS_OP_FSYNC, "fsync" },
601 { SMB_VFS_OP_STAT, "stat" },
602 { SMB_VFS_OP_FSTAT, "fstat" },
603 { SMB_VFS_OP_LSTAT, "lstat" },
604 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
605 { SMB_VFS_OP_UNLINK, "unlink" },
606 { SMB_VFS_OP_CHMOD, "chmod" },
607 { SMB_VFS_OP_FCHMOD, "fchmod" },
608 { SMB_VFS_OP_CHOWN, "chown" },
609 { SMB_VFS_OP_FCHOWN, "fchown" },
610 { SMB_VFS_OP_LCHOWN, "lchown" },
611 { SMB_VFS_OP_CHDIR, "chdir" },
612 { SMB_VFS_OP_GETWD, "getwd" },
613 { SMB_VFS_OP_NTIMES, "ntimes" },
614 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
615 { SMB_VFS_OP_LOCK, "lock" },
616 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
617 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
618 { SMB_VFS_OP_GETLOCK, "getlock" },
619 { SMB_VFS_OP_SYMLINK, "symlink" },
620 { SMB_VFS_OP_READLINK, "readlink" },
621 { SMB_VFS_OP_LINK, "link" },
622 { SMB_VFS_OP_MKNOD, "mknod" },
623 { SMB_VFS_OP_REALPATH, "realpath" },
624 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
625 { SMB_VFS_OP_CHFLAGS, "chflags" },
626 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
627 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
628 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
629 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
630 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
631 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
632 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
633 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
634 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
635 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
636 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
637 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
638 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
639 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
640 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
641 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
642 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
643 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
644 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
645 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
646 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
647 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
648 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
649 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
650 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
651 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
652 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
653 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
654 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
655 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
656 { SMB_VFS_OP_GETXATTR, "getxattr" },
657 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
658 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
659 { SMB_VFS_OP_LISTXATTR, "listxattr" },
660 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
661 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
662 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
663 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
664 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
665 { SMB_VFS_OP_SETXATTR, "setxattr" },
666 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
667 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
668 { SMB_VFS_OP_AIO_READ, "aio_read" },
669 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
670 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
671 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
672 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
673 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
674 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
675 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
676 { SMB_VFS_OP_IS_OFFLINE, "aio_is_offline" },
677 { SMB_VFS_OP_SET_OFFLINE, "aio_set_offline" },
678 { SMB_VFS_OP_LAST, NULL }
681 static int audit_syslog_facility(vfs_handle_struct *handle)
683 static const struct enum_list enum_log_facilities[] = {
684 { LOG_USER, "USER" },
685 { LOG_LOCAL0, "LOCAL0" },
686 { LOG_LOCAL1, "LOCAL1" },
687 { LOG_LOCAL2, "LOCAL2" },
688 { LOG_LOCAL3, "LOCAL3" },
689 { LOG_LOCAL4, "LOCAL4" },
690 { LOG_LOCAL5, "LOCAL5" },
691 { LOG_LOCAL6, "LOCAL6" },
692 { LOG_LOCAL7, "LOCAL7" }
697 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
702 static int audit_syslog_priority(vfs_handle_struct *handle)
704 static const struct enum_list enum_log_priorities[] = {
705 { LOG_EMERG, "EMERG" },
706 { LOG_ALERT, "ALERT" },
707 { LOG_CRIT, "CRIT" },
709 { LOG_WARNING, "WARNING" },
710 { LOG_NOTICE, "NOTICE" },
711 { LOG_INFO, "INFO" },
712 { LOG_DEBUG, "DEBUG" }
717 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
718 enum_log_priorities, LOG_NOTICE);
719 if (priority == -1) {
720 priority = LOG_WARNING;
726 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
731 prefix = talloc_strdup(ctx,
732 lp_parm_const_string(SNUM(conn), "full_audit",
737 result = talloc_sub_advanced(ctx,
738 lp_servicename(SNUM(conn)),
739 conn->server_info->unix_name,
741 conn->server_info->utok.gid,
742 conn->server_info->sanitized_username,
743 pdb_get_domain(conn->server_info->sam_account),
749 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
751 struct vfs_full_audit_private_data *pd = NULL;
753 SMB_VFS_HANDLE_GET_DATA(handle, pd,
754 struct vfs_full_audit_private_data,
757 if (pd->success_ops == NULL) {
761 return bitmap_query(pd->success_ops, op);
764 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
766 struct vfs_full_audit_private_data *pd = NULL;
768 SMB_VFS_HANDLE_GET_DATA(handle, pd,
769 struct vfs_full_audit_private_data,
772 if (pd->failure_ops == NULL)
775 return bitmap_query(pd->failure_ops, op);
778 static void init_bitmap(struct bitmap **bm, const char **ops)
780 bool log_all = False;
785 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
788 DEBUG(0, ("Could not alloc bitmap -- "
789 "defaulting to logging everything\n"));
793 while (*ops != NULL) {
797 if (strequal(*ops, "all")) {
802 if (strequal(*ops, "none")) {
806 for (i=0; i<SMB_VFS_OP_LAST; i++) {
807 if (vfs_op_names[i].name == NULL) {
808 smb_panic("vfs_full_audit.c: name table not "
809 "in sync with vfs.h\n");
812 if (strequal(*ops, vfs_op_names[i].name)) {
818 DEBUG(0, ("Could not find opname %s, logging all\n",
827 /* The query functions default to True */
833 static const char *audit_opname(vfs_op_type op)
835 if (op >= SMB_VFS_OP_LAST)
836 return "INVALID VFS OP";
837 return vfs_op_names[op].name;
840 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
841 const char *format, ...)
844 char *audit_pre = NULL;
848 if (success && (!log_success(handle, op)))
851 if (!success && (!log_failure(handle, op)))
855 fstrcpy(err_msg, "ok");
857 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
859 va_start(ap, format);
860 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
867 audit_pre = audit_prefix(talloc_tos(), handle->conn);
868 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
869 audit_pre ? audit_pre : "",
870 audit_opname(op), err_msg, op_msg);
872 TALLOC_FREE(audit_pre);
878 /* Free function for the private data. */
880 static void free_private_data(void **p_data)
882 struct vfs_full_audit_private_data *pd = *(struct vfs_full_audit_private_data **)p_data;
884 if (pd->success_ops) {
885 bitmap_free(pd->success_ops);
887 if (pd->failure_ops) {
888 bitmap_free(pd->failure_ops);
894 /* Implementation of vfs_ops. Pass everything on to the default
895 operation but log event first. */
897 static int smb_full_audit_connect(vfs_handle_struct *handle,
898 const char *svc, const char *user)
901 struct vfs_full_audit_private_data *pd = NULL;
902 const char *none[] = { NULL };
903 const char *all [] = { "all" };
909 pd = SMB_MALLOC_P(struct vfs_full_audit_private_data);
915 openlog("smbd_audit", 0, audit_syslog_facility(handle));
917 init_bitmap(&pd->success_ops,
918 lp_parm_string_list(SNUM(handle->conn), "full_audit", "success",
920 init_bitmap(&pd->failure_ops,
921 lp_parm_string_list(SNUM(handle->conn), "full_audit", "failure",
924 /* Store the private data. */
925 SMB_VFS_HANDLE_SET_DATA(handle, pd, free_private_data,
926 struct vfs_full_audit_private_data, return -1);
928 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
930 do_log(SMB_VFS_OP_CONNECT, True, handle,
936 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
938 SMB_VFS_NEXT_DISCONNECT(handle);
940 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
941 "%s", lp_servicename(SNUM(handle->conn)));
943 /* The bitmaps will be disconnected when the private
949 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
951 bool small_query, uint64_t *bsize,
952 uint64_t *dfree, uint64_t *dsize)
956 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
959 /* Don't have a reasonable notion of failure here */
961 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
966 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
967 enum SMB_QUOTA_TYPE qtype, unid_t id,
972 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
974 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
980 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
981 enum SMB_QUOTA_TYPE qtype, unid_t id,
986 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
988 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
993 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
994 struct files_struct *fsp,
995 SHADOW_COPY_DATA *shadow_copy_data, bool labels)
999 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
1001 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
1006 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
1008 struct vfs_statvfs_struct *statbuf)
1012 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
1014 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
1019 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
1020 const char *fname, const char *mask, uint32 attr)
1022 SMB_STRUCT_DIR *result;
1024 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
1026 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
1031 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
1032 SMB_STRUCT_DIR *dirp)
1034 SMB_STRUCT_DIRENT *result;
1036 result = SMB_VFS_NEXT_READDIR(handle, dirp);
1038 /* This operation has no reasonable error condition
1039 * (End of dir is also failure), so always succeed.
1041 do_log(SMB_VFS_OP_READDIR, True, handle, "");
1046 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
1047 SMB_STRUCT_DIR *dirp, long offset)
1049 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
1051 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
1055 static long smb_full_audit_telldir(vfs_handle_struct *handle,
1056 SMB_STRUCT_DIR *dirp)
1060 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
1062 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1067 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1068 SMB_STRUCT_DIR *dirp)
1070 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1072 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1076 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
1077 const char *path, mode_t mode)
1081 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
1083 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
1088 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
1093 result = SMB_VFS_NEXT_RMDIR(handle, path);
1095 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
1100 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1101 SMB_STRUCT_DIR *dirp)
1105 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1107 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1112 static int smb_full_audit_open(vfs_handle_struct *handle,
1113 const char *fname, files_struct *fsp, int flags, mode_t mode)
1117 result = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
1119 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1120 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1126 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
1127 struct smb_request *req,
1128 uint16_t root_dir_fid,
1130 uint32_t create_file_flags,
1131 uint32_t access_mask,
1132 uint32_t share_access,
1133 uint32_t create_disposition,
1134 uint32_t create_options,
1135 uint32_t file_attributes,
1136 uint32_t oplock_request,
1137 uint64_t allocation_size,
1138 struct security_descriptor *sd,
1139 struct ea_list *ea_list,
1140 files_struct **result_fsp,
1142 SMB_STRUCT_STAT *psbuf)
1146 result = SMB_VFS_NEXT_CREATE_FILE(
1147 handle, /* handle */
1149 root_dir_fid, /* root_dir_fid */
1151 create_file_flags, /* create_file_flags */
1152 access_mask, /* access_mask */
1153 share_access, /* share_access */
1154 create_disposition, /* create_disposition*/
1155 create_options, /* create_options */
1156 file_attributes, /* file_attributes */
1157 oplock_request, /* oplock_request */
1158 allocation_size, /* allocation_size */
1160 ea_list, /* ea_list */
1161 result_fsp, /* result */
1165 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle, "0x%x|%s",
1166 access_mask, fname);
1171 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1175 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1177 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
1182 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1183 void *data, size_t n)
1187 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
1189 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
1194 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1195 void *data, size_t n, SMB_OFF_T offset)
1199 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1201 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
1206 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1207 const void *data, size_t n)
1211 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1213 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1218 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1219 const void *data, size_t n,
1224 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1226 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1231 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1232 SMB_OFF_T offset, int whence)
1236 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1238 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1239 "%s", fsp->fsp_name);
1244 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1245 files_struct *fromfsp,
1246 const DATA_BLOB *hdr, SMB_OFF_T offset,
1251 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1253 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1254 "%s", fromfsp->fsp_name);
1259 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1260 files_struct *tofsp,
1266 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1268 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1269 "%s", tofsp->fsp_name);
1274 static int smb_full_audit_rename(vfs_handle_struct *handle,
1275 const char *oldname, const char *newname)
1279 result = SMB_VFS_NEXT_RENAME(handle, oldname, newname);
1281 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1286 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1290 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1292 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1297 static int smb_full_audit_stat(vfs_handle_struct *handle,
1298 const char *fname, SMB_STRUCT_STAT *sbuf)
1302 result = SMB_VFS_NEXT_STAT(handle, fname, sbuf);
1304 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1309 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1310 SMB_STRUCT_STAT *sbuf)
1314 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1316 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1321 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1322 const char *path, SMB_STRUCT_STAT *sbuf)
1326 result = SMB_VFS_NEXT_LSTAT(handle, path, sbuf);
1328 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1333 static int smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1334 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1338 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1340 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result >= 0), handle, "%d", result);
1345 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1350 result = SMB_VFS_NEXT_UNLINK(handle, path);
1352 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1357 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1358 const char *path, mode_t mode)
1362 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1364 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1369 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1374 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1376 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1377 "%s|%o", fsp->fsp_name, mode);
1382 static int smb_full_audit_chown(vfs_handle_struct *handle,
1383 const char *path, uid_t uid, gid_t gid)
1387 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1389 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1390 path, (long int)uid, (long int)gid);
1395 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1396 uid_t uid, gid_t gid)
1400 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1402 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1403 fsp->fsp_name, (long int)uid, (long int)gid);
1408 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1409 const char *path, uid_t uid, gid_t gid)
1413 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1415 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1416 path, (long int)uid, (long int)gid);
1421 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1426 result = SMB_VFS_NEXT_CHDIR(handle, path);
1428 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1433 static char *smb_full_audit_getwd(vfs_handle_struct *handle,
1438 result = SMB_VFS_NEXT_GETWD(handle, path);
1440 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1445 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1446 const char *path, struct smb_file_time *ft)
1450 result = SMB_VFS_NEXT_NTIMES(handle, path, ft);
1452 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s", path);
1457 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1462 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1464 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1465 "%s", fsp->fsp_name);
1470 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1471 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1475 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1477 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp->fsp_name);
1482 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1483 struct files_struct *fsp,
1488 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode);
1490 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1496 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1501 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1503 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1509 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1510 SMB_OFF_T *poffset, SMB_OFF_T *pcount, int *ptype, pid_t *ppid)
1514 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1516 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp->fsp_name);
1521 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1522 const char *oldpath, const char *newpath)
1526 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1528 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1529 "%s|%s", oldpath, newpath);
1534 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1535 const char *path, char *buf, size_t bufsiz)
1539 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1541 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1546 static int smb_full_audit_link(vfs_handle_struct *handle,
1547 const char *oldpath, const char *newpath)
1551 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1553 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1554 "%s|%s", oldpath, newpath);
1559 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1560 const char *pathname, mode_t mode, SMB_DEV_T dev)
1564 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1566 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1571 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1572 const char *path, char *resolved_path)
1576 result = SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
1578 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1583 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1584 struct sys_notify_context *ctx,
1585 struct notify_entry *e,
1586 void (*callback)(struct sys_notify_context *ctx,
1588 struct notify_event *ev),
1589 void *private_data, void *handle_p)
1593 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, e, callback, private_data, handle_p);
1595 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1600 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1601 const char *path, unsigned int flags)
1605 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1607 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1612 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1613 SMB_DEV_T dev, SMB_INO_T inode)
1615 struct file_id id_zero;
1616 struct file_id result;
1618 ZERO_STRUCT(id_zero);
1620 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode);
1622 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1623 !file_id_equal(&id_zero, &result),
1624 handle, "%s", file_id_string_tos(&result));
1629 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1630 struct files_struct *fsp,
1632 TALLOC_CTX *mem_ctx,
1633 unsigned int *pnum_streams,
1634 struct stream_struct **pstreams)
1638 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1639 pnum_streams, pstreams);
1641 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1647 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1650 TALLOC_CTX *mem_ctx,
1655 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1658 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1659 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1664 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1665 uint32 security_info,
1670 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1672 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1673 "%s", fsp->fsp_name);
1678 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1680 uint32 security_info,
1685 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1687 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1693 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1694 uint32 security_info_sent,
1695 const SEC_DESC *psd)
1699 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1701 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
1706 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1707 const char *path, mode_t mode)
1711 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1713 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1714 "%s|%o", path, mode);
1719 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1724 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1726 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1727 "%s|%o", fsp->fsp_name, mode);
1732 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1734 SMB_ACL_T theacl, int entry_id,
1735 SMB_ACL_ENTRY_T *entry_p)
1739 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id,
1742 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1748 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1750 SMB_ACL_ENTRY_T entry_d,
1751 SMB_ACL_TAG_T *tag_type_p)
1755 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d,
1758 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1764 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1766 SMB_ACL_ENTRY_T entry_d,
1767 SMB_ACL_PERMSET_T *permset_p)
1771 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d,
1774 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1780 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1782 SMB_ACL_ENTRY_T entry_d)
1786 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
1788 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1794 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1796 SMB_ACL_TYPE_T type)
1800 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1802 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1808 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1813 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1815 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1816 "%s", fsp->fsp_name);
1821 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1823 SMB_ACL_PERMSET_T permset)
1827 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
1829 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1835 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1837 SMB_ACL_PERMSET_T permset,
1838 SMB_ACL_PERM_T perm)
1842 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
1844 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1850 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1856 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
1858 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1864 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1870 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
1872 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1878 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1880 SMB_ACL_ENTRY_T *pentry)
1884 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
1886 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1892 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1894 SMB_ACL_ENTRY_T entry,
1895 SMB_ACL_TAG_T tagtype)
1899 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry,
1902 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1908 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1910 SMB_ACL_ENTRY_T entry,
1915 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
1917 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1923 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1925 SMB_ACL_ENTRY_T entry,
1926 SMB_ACL_PERMSET_T permset)
1930 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
1932 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1938 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1944 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
1946 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1952 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1954 const char *name, SMB_ACL_TYPE_T acltype,
1959 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1962 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1968 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1973 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1975 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1976 "%s", fsp->fsp_name);
1981 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1987 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1989 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1995 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1997 SMB_ACL_PERMSET_T permset,
1998 SMB_ACL_PERM_T perm)
2002 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
2004 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
2010 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
2016 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
2018 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
2024 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
2026 SMB_ACL_T posix_acl)
2030 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
2032 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
2038 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
2040 SMB_ACL_TAG_T tagtype)
2044 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier,
2047 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
2053 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2055 const char *name, void *value, size_t size)
2059 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
2061 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
2062 "%s|%s", path, name);
2067 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
2068 const char *path, const char *name,
2069 void *value, size_t size)
2073 result = SMB_VFS_NEXT_LGETXATTR(handle, path, name, value, size);
2075 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
2076 "%s|%s", path, name);
2081 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2082 struct files_struct *fsp,
2083 const char *name, void *value, size_t size)
2087 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2089 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2090 "%s|%s", fsp->fsp_name, name);
2095 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2096 const char *path, char *list, size_t size)
2100 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
2102 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
2107 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
2108 const char *path, char *list, size_t size)
2112 result = SMB_VFS_NEXT_LLISTXATTR(handle, path, list, size);
2114 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
2119 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2120 struct files_struct *fsp, char *list,
2125 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2127 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2128 "%s", fsp->fsp_name);
2133 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2139 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
2141 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2142 "%s|%s", path, name);
2147 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
2153 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, path, name);
2155 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
2156 "%s|%s", path, name);
2161 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2162 struct files_struct *fsp,
2167 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2169 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2170 "%s|%s", fsp->fsp_name, name);
2175 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2177 const char *name, const void *value, size_t size,
2182 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
2185 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2186 "%s|%s", path, name);
2191 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
2193 const char *name, const void *value, size_t size,
2198 result = SMB_VFS_NEXT_LSETXATTR(handle, path, name, value, size,
2201 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
2202 "%s|%s", path, name);
2207 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2208 struct files_struct *fsp, const char *name,
2209 const void *value, size_t size, int flags)
2213 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2215 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2216 "%s|%s", fsp->fsp_name, name);
2221 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2225 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
2226 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
2227 "%s", fsp->fsp_name);
2232 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2236 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
2237 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
2238 "%s", fsp->fsp_name);
2243 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2247 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
2248 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
2249 "%s", fsp->fsp_name);
2254 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2258 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, aiocb);
2259 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
2260 "%s", fsp->fsp_name);
2265 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
2269 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
2270 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
2271 "%s", fsp->fsp_name);
2276 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
2280 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
2281 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
2282 "%s", fsp->fsp_name);
2287 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
2291 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
2292 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
2293 "%s", fsp->fsp_name);
2299 NTSTATUS vfs_full_audit_init(void);
2300 NTSTATUS vfs_full_audit_init(void)
2302 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2303 "full_audit", audit_op_tuples);
2305 if (!NT_STATUS_IS_OK(ret))
2308 vfs_full_audit_debug_level = debug_add_class("full_audit");
2309 if (vfs_full_audit_debug_level == -1) {
2310 vfs_full_audit_debug_level = DBGC_VFS;
2311 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2314 DEBUG(10, ("vfs_full_audit: Debug class number of "
2315 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / metze / samba / wip.git / blob