2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir create_file
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|/tmp
42 * smbd_audit: nobody|192.168.234.1|create_file|fail (No such file or directory)|0x1|file|open|/ts/doesNotExist
43 * smbd_audit: nobody|192.168.234.1|open|ok|w|/tmp/file.txt
44 * smbd_audit: nobody|192.168.234.1|create_file|ok|0x3|file|open|/tmp/file.txt
46 * where "nobody" is the connected username and "192.168.234.1" is the
47 * client's IP address.
51 * prefix: A macro expansion template prepended to the syslog entry.
53 * success: A list of VFS operations for which a successful completion should
54 * be logged. Defaults to no logging at all. The special operation "all" logs
55 * - you guessed it - everything.
57 * failure: A list of VFS operations for which failure to complete should be
58 * logged. Defaults to logging everything.
63 #include "system/filesys.h"
64 #include "system/syslog.h"
65 #include "smbd/smbd.h"
66 #include "../librpc/gen_ndr/ndr_netlogon.h"
69 #include "lib/param/loadparm.h"
70 #include "lib/util/bitmap.h"
71 #include "lib/util/tevent_unix.h"
72 #include "libcli/security/sddl.h"
73 #include "passdb/machine_sid.h"
74 #include "lib/util/tevent_ntstatus.h"
75 #include "lib/util/string_wrappers.h"
76 #include "source3/lib/substitute.h"
78 static int vfs_full_audit_debug_level = DBGC_VFS;
80 struct vfs_full_audit_private_data {
81 struct bitmap *success_ops;
82 struct bitmap *failure_ops;
90 #define DBGC_CLASS vfs_full_audit_debug_level
92 typedef enum _vfs_op_type {
97 SMB_VFS_OP_CONNECT = 0,
98 SMB_VFS_OP_DISCONNECT,
100 SMB_VFS_OP_GET_QUOTA,
101 SMB_VFS_OP_SET_QUOTA,
102 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
104 SMB_VFS_OP_FS_CAPABILITIES,
105 SMB_VFS_OP_GET_DFS_REFERRALS,
106 SMB_VFS_OP_CREATE_DFS_PATHAT,
107 SMB_VFS_OP_READ_DFS_PATHAT,
109 /* Directory operations */
111 SMB_VFS_OP_FDOPENDIR,
113 SMB_VFS_OP_REWINDDIR,
117 /* File operations */
121 SMB_VFS_OP_CREATE_FILE,
125 SMB_VFS_OP_PREAD_SEND,
126 SMB_VFS_OP_PREAD_RECV,
129 SMB_VFS_OP_PWRITE_SEND,
130 SMB_VFS_OP_PWRITE_RECV,
135 SMB_VFS_OP_FSYNC_SEND,
136 SMB_VFS_OP_FSYNC_RECV,
141 SMB_VFS_OP_GET_ALLOC_SIZE,
150 SMB_VFS_OP_FTRUNCATE,
151 SMB_VFS_OP_FALLOCATE,
153 SMB_VFS_OP_FILESYSTEM_SHAREMODE,
155 SMB_VFS_OP_LINUX_SETLEASE,
157 SMB_VFS_OP_SYMLINKAT,
158 SMB_VFS_OP_READLINKAT,
163 SMB_VFS_OP_FILE_ID_CREATE,
164 SMB_VFS_OP_FS_FILE_ID,
165 SMB_VFS_OP_FSTREAMINFO,
166 SMB_VFS_OP_GET_REAL_FILENAME,
167 SMB_VFS_OP_GET_REAL_FILENAME_AT,
168 SMB_VFS_OP_CONNECTPATH,
169 SMB_VFS_OP_BRL_LOCK_WINDOWS,
170 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
171 SMB_VFS_OP_STRICT_LOCK_CHECK,
172 SMB_VFS_OP_TRANSLATE_NAME,
173 SMB_VFS_OP_PARENT_PATHNAME,
175 SMB_VFS_OP_OFFLOAD_READ_SEND,
176 SMB_VFS_OP_OFFLOAD_READ_RECV,
177 SMB_VFS_OP_OFFLOAD_WRITE_SEND,
178 SMB_VFS_OP_OFFLOAD_WRITE_RECV,
179 SMB_VFS_OP_FGET_COMPRESSION,
180 SMB_VFS_OP_SET_COMPRESSION,
181 SMB_VFS_OP_SNAP_CHECK_PATH,
182 SMB_VFS_OP_SNAP_CREATE,
183 SMB_VFS_OP_SNAP_DELETE,
185 /* DOS attribute operations. */
186 SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
187 SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
188 SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
189 SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
191 /* NT ACL operations. */
193 SMB_VFS_OP_FGET_NT_ACL,
194 SMB_VFS_OP_FSET_NT_ACL,
195 SMB_VFS_OP_AUDIT_FILE,
197 /* POSIX ACL operations. */
199 SMB_VFS_OP_SYS_ACL_GET_FD,
200 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
201 SMB_VFS_OP_SYS_ACL_SET_FD,
202 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FD,
205 SMB_VFS_OP_GETXATTRAT_SEND,
206 SMB_VFS_OP_GETXATTRAT_RECV,
207 SMB_VFS_OP_FGETXATTR,
208 SMB_VFS_OP_FLISTXATTR,
209 SMB_VFS_OP_REMOVEXATTR,
210 SMB_VFS_OP_FREMOVEXATTR,
211 SMB_VFS_OP_FSETXATTR,
214 SMB_VFS_OP_AIO_FORCE,
216 /* offline operations */
217 SMB_VFS_OP_IS_OFFLINE,
218 SMB_VFS_OP_SET_OFFLINE,
220 /* Durable handle operations. */
221 SMB_VFS_OP_DURABLE_COOKIE,
222 SMB_VFS_OP_DURABLE_DISCONNECT,
223 SMB_VFS_OP_DURABLE_RECONNECT,
225 SMB_VFS_OP_FREADDIR_ATTR,
227 /* This should always be last enum value */
232 /* The following array *must* be in the same order as defined in vfs_op_type */
238 { SMB_VFS_OP_CONNECT, "connect" },
239 { SMB_VFS_OP_DISCONNECT, "disconnect" },
240 { SMB_VFS_OP_DISK_FREE, "disk_free" },
241 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
242 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
243 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
244 { SMB_VFS_OP_STATVFS, "statvfs" },
245 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
246 { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" },
247 { SMB_VFS_OP_CREATE_DFS_PATHAT, "create_dfs_pathat" },
248 { SMB_VFS_OP_READ_DFS_PATHAT, "read_dfs_pathat" },
249 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
250 { SMB_VFS_OP_READDIR, "readdir" },
251 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
252 { SMB_VFS_OP_MKDIRAT, "mkdirat" },
253 { SMB_VFS_OP_CLOSEDIR, "closedir" },
254 { SMB_VFS_OP_OPEN, "open" },
255 { SMB_VFS_OP_OPENAT, "openat" },
256 { SMB_VFS_OP_CREATE_FILE, "create_file" },
257 { SMB_VFS_OP_CLOSE, "close" },
258 { SMB_VFS_OP_READ, "read" },
259 { SMB_VFS_OP_PREAD, "pread" },
260 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
261 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
262 { SMB_VFS_OP_WRITE, "write" },
263 { SMB_VFS_OP_PWRITE, "pwrite" },
264 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
265 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
266 { SMB_VFS_OP_LSEEK, "lseek" },
267 { SMB_VFS_OP_SENDFILE, "sendfile" },
268 { SMB_VFS_OP_RECVFILE, "recvfile" },
269 { SMB_VFS_OP_RENAMEAT, "renameat" },
270 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
271 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
272 { SMB_VFS_OP_STAT, "stat" },
273 { SMB_VFS_OP_FSTAT, "fstat" },
274 { SMB_VFS_OP_LSTAT, "lstat" },
275 { SMB_VFS_OP_FSTATAT, "fstatat" },
276 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
277 { SMB_VFS_OP_UNLINKAT, "unlinkat" },
278 { SMB_VFS_OP_FCHMOD, "fchmod" },
279 { SMB_VFS_OP_FCHOWN, "fchown" },
280 { SMB_VFS_OP_LCHOWN, "lchown" },
281 { SMB_VFS_OP_CHDIR, "chdir" },
282 { SMB_VFS_OP_GETWD, "getwd" },
283 { SMB_VFS_OP_NTIMES, "ntimes" },
284 { SMB_VFS_OP_FNTIMES, "fntimes" },
285 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
286 { SMB_VFS_OP_FALLOCATE,"fallocate" },
287 { SMB_VFS_OP_LOCK, "lock" },
288 { SMB_VFS_OP_FILESYSTEM_SHAREMODE, "filesystem_sharemode" },
289 { SMB_VFS_OP_FCNTL, "fcntl" },
290 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
291 { SMB_VFS_OP_GETLOCK, "getlock" },
292 { SMB_VFS_OP_SYMLINKAT, "symlinkat" },
293 { SMB_VFS_OP_READLINKAT,"readlinkat" },
294 { SMB_VFS_OP_LINKAT, "linkat" },
295 { SMB_VFS_OP_MKNODAT, "mknodat" },
296 { SMB_VFS_OP_REALPATH, "realpath" },
297 { SMB_VFS_OP_FCHFLAGS, "fchflags" },
298 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
299 { SMB_VFS_OP_FS_FILE_ID, "fs_file_id" },
300 { SMB_VFS_OP_FSTREAMINFO, "fstreaminfo" },
301 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
302 { SMB_VFS_OP_GET_REAL_FILENAME_AT, "get_real_filename_at" },
303 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
304 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
305 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
306 { SMB_VFS_OP_STRICT_LOCK_CHECK, "strict_lock_check" },
307 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
308 { SMB_VFS_OP_PARENT_PATHNAME, "parent_pathname" },
309 { SMB_VFS_OP_FSCTL, "fsctl" },
310 { SMB_VFS_OP_OFFLOAD_READ_SEND, "offload_read_send" },
311 { SMB_VFS_OP_OFFLOAD_READ_RECV, "offload_read_recv" },
312 { SMB_VFS_OP_OFFLOAD_WRITE_SEND, "offload_write_send" },
313 { SMB_VFS_OP_OFFLOAD_WRITE_RECV, "offload_write_recv" },
314 { SMB_VFS_OP_FGET_COMPRESSION, "fget_compression" },
315 { SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
316 { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
317 { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
318 { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
319 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, "get_dos_attributes_send" },
320 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, "get_dos_attributes_recv" },
321 { SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" },
322 { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" },
323 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
324 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
325 { SMB_VFS_OP_AUDIT_FILE, "audit_file" },
326 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
327 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
328 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
329 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FD, "sys_acl_delete_def_fd" },
330 { SMB_VFS_OP_GETXATTRAT_SEND, "getxattrat_send" },
331 { SMB_VFS_OP_GETXATTRAT_RECV, "getxattrat_recv" },
332 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
333 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
334 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
335 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
336 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
337 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
338 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
339 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
340 { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" },
341 { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
342 { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
343 { SMB_VFS_OP_FREADDIR_ATTR, "freaddir_attr" },
344 { SMB_VFS_OP_LAST, NULL }
347 static int audit_syslog_facility(vfs_handle_struct *handle)
349 static const struct enum_list enum_log_facilities[] = {
351 { LOG_AUTH, "AUTH" },
354 { LOG_AUTHPRIV, "AUTHPRIV" },
357 { LOG_AUDIT, "AUDIT" },
360 { LOG_CONSOLE, "CONSOLE" },
363 { LOG_CRON, "CRON" },
366 { LOG_DAEMON, "DAEMON" },
372 { LOG_INSTALL, "INSTALL" },
375 { LOG_KERN, "KERN" },
378 { LOG_LAUNCHD, "LAUNCHD" },
381 { LOG_LFMT, "LFMT" },
387 { LOG_MAIL, "MAIL" },
390 { LOG_MEGASAFE, "MEGASAFE" },
393 { LOG_NETINFO, "NETINFO" },
396 { LOG_NEWS, "NEWS" },
398 #ifdef LOG_NFACILITIES
399 { LOG_NFACILITIES, "NFACILITIES" },
407 #ifdef LOG_REMOTEAUTH
408 { LOG_REMOTEAUTH, "REMOTEAUTH" },
411 { LOG_SECURITY, "SECURITY" },
414 { LOG_SYSLOG, "SYSLOG" },
417 { LOG_USER, "USER" },
420 { LOG_UUCP, "UUCP" },
422 { LOG_LOCAL0, "LOCAL0" },
423 { LOG_LOCAL1, "LOCAL1" },
424 { LOG_LOCAL2, "LOCAL2" },
425 { LOG_LOCAL3, "LOCAL3" },
426 { LOG_LOCAL4, "LOCAL4" },
427 { LOG_LOCAL5, "LOCAL5" },
428 { LOG_LOCAL6, "LOCAL6" },
429 { LOG_LOCAL7, "LOCAL7" },
435 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
440 static int audit_syslog_priority(vfs_handle_struct *handle)
442 static const struct enum_list enum_log_priorities[] = {
443 { LOG_EMERG, "EMERG" },
444 { LOG_ALERT, "ALERT" },
445 { LOG_CRIT, "CRIT" },
447 { LOG_WARNING, "WARNING" },
448 { LOG_NOTICE, "NOTICE" },
449 { LOG_INFO, "INFO" },
450 { LOG_DEBUG, "DEBUG" },
456 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
457 enum_log_priorities, LOG_NOTICE);
458 if (priority == -1) {
459 priority = LOG_WARNING;
465 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
467 const struct loadparm_substitution *lp_sub =
468 loadparm_s3_global_substitution();
472 prefix = talloc_strdup(ctx,
473 lp_parm_const_string(SNUM(conn), "full_audit",
478 result = talloc_sub_full(ctx,
479 lp_servicename(talloc_tos(), lp_sub, SNUM(conn)),
480 conn->session_info->unix_info->unix_name,
482 conn->session_info->unix_token->gid,
483 conn->session_info->unix_info->sanitized_username,
484 conn->session_info->info->domain_name,
490 static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op)
492 if (pd->success_ops == NULL) {
496 return bitmap_query(pd->success_ops, op);
499 static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op)
501 if (pd->failure_ops == NULL)
504 return bitmap_query(pd->failure_ops, op);
507 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
512 DBG_ERR("init_bitmap, ops list is empty (logic error)\n");
516 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
518 DBG_ERR("Could not alloc bitmap\n");
522 for (; *ops != NULL; ops += 1) {
527 if (strequal(*ops, "all")) {
528 for (i=0; i<SMB_VFS_OP_LAST; i++) {
534 if (strequal(*ops, "none")) {
544 for (i=0; i<SMB_VFS_OP_LAST; i++) {
545 if ((vfs_op_names[i].name == NULL)
546 || (vfs_op_names[i].type != i)) {
547 smb_panic("vfs_full_audit.c: name table not "
548 "in sync with vfs_op_type enums\n");
550 if (strequal(op, vfs_op_names[i].name)) {
559 if (i == SMB_VFS_OP_LAST) {
560 DBG_ERR("Could not find opname %s\n", *ops);
568 static const char *audit_opname(vfs_op_type op)
570 if (op >= SMB_VFS_OP_LAST)
571 return "INVALID VFS OP";
572 return vfs_op_names[op].name;
575 static TALLOC_CTX *tmp_do_log_ctx;
577 * Get us a temporary talloc context usable just for DEBUG arguments
579 static TALLOC_CTX *do_log_ctx(void)
581 if (tmp_do_log_ctx == NULL) {
582 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
584 return tmp_do_log_ctx;
587 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
588 const char *format, ...) PRINTF_ATTRIBUTE(4, 5);
590 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
591 const char *format, ...)
593 struct vfs_full_audit_private_data *pd;
595 char *audit_pre = NULL;
599 SMB_VFS_HANDLE_GET_DATA(handle, pd,
600 struct vfs_full_audit_private_data,
603 if (success && (!log_success(pd, op)))
606 if (!success && (!log_failure(pd, op)))
610 fstrcpy(err_msg, "ok");
612 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
614 va_start(ap, format);
615 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
622 audit_pre = audit_prefix(talloc_tos(), handle->conn);
628 * Specify the facility to interoperate with other syslog
629 * callers (smbd for example).
631 priority = pd->syslog_priority | pd->syslog_facility;
633 syslog(priority, "%s|%s|%s|%s\n",
634 audit_pre ? audit_pre : "",
635 audit_opname(op), err_msg, op_msg);
637 DEBUG(1, ("%s|%s|%s|%s\n",
638 audit_pre ? audit_pre : "",
639 audit_opname(op), err_msg, op_msg));
642 TALLOC_FREE(audit_pre);
644 TALLOC_FREE(tmp_do_log_ctx);
648 * Return a string using the do_log_ctx()
650 static const char *smb_fname_str_do_log(struct connection_struct *conn,
651 const struct smb_filename *smb_fname)
656 if (smb_fname == NULL) {
660 if (smb_fname->base_name[0] != '/') {
661 char *abs_name = NULL;
662 struct smb_filename *fname_copy = cp_smb_filename(
665 if (fname_copy == NULL) {
669 if (!ISDOT(smb_fname->base_name)) {
670 abs_name = talloc_asprintf(do_log_ctx(),
672 conn->cwd_fsp->fsp_name->base_name,
673 smb_fname->base_name);
675 abs_name = talloc_strdup(do_log_ctx(),
676 conn->cwd_fsp->fsp_name->base_name);
678 if (abs_name == NULL) {
681 fname_copy->base_name = abs_name;
682 smb_fname = fname_copy;
685 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
686 if (!NT_STATUS_IS_OK(status)) {
693 * Return an fsp debug string using the do_log_ctx()
695 static const char *fsp_str_do_log(const struct files_struct *fsp)
697 return smb_fname_str_do_log(fsp->conn, fsp->fsp_name);
700 /* Implementation of vfs_ops. Pass everything on to the default
701 operation but log event first. */
703 static int smb_full_audit_connect(vfs_handle_struct *handle,
704 const char *svc, const char *user)
707 const char *none[] = { "none" };
708 struct vfs_full_audit_private_data *pd = NULL;
710 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
715 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
717 SMB_VFS_NEXT_DISCONNECT(handle);
721 pd->syslog_facility = audit_syslog_facility(handle);
722 if (pd->syslog_facility == -1) {
723 DEBUG(1, ("%s: Unknown facility %s\n", __func__,
724 lp_parm_const_string(SNUM(handle->conn),
725 "full_audit", "facility",
727 SMB_VFS_NEXT_DISCONNECT(handle);
731 pd->syslog_priority = audit_syslog_priority(handle);
733 pd->log_secdesc = lp_parm_bool(SNUM(handle->conn),
734 "full_audit", "log_secdesc", false);
736 pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
737 "full_audit", "syslog", true);
741 openlog("smbd_audit", 0, pd->syslog_facility);
745 pd->success_ops = init_bitmap(
746 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
748 if (pd->success_ops == NULL) {
749 DBG_ERR("Invalid success operations list. Failing connect\n");
750 SMB_VFS_NEXT_DISCONNECT(handle);
753 pd->failure_ops = init_bitmap(
754 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
756 if (pd->failure_ops == NULL) {
757 DBG_ERR("Invalid failure operations list. Failing connect\n");
758 SMB_VFS_NEXT_DISCONNECT(handle);
762 /* Store the private data. */
763 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
764 struct vfs_full_audit_private_data, return -1);
766 do_log(SMB_VFS_OP_CONNECT, True, handle,
772 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
774 const struct loadparm_substitution *lp_sub =
775 loadparm_s3_global_substitution();
777 SMB_VFS_NEXT_DISCONNECT(handle);
779 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
780 "%s", lp_servicename(talloc_tos(), lp_sub, SNUM(handle->conn)));
782 /* The bitmaps will be disconnected when the private
786 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
787 const struct smb_filename *smb_fname,
794 result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize);
796 /* Don't have a reasonable notion of failure here */
798 do_log(SMB_VFS_OP_DISK_FREE,
802 smb_fname_str_do_log(handle->conn, smb_fname));
807 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
808 const struct smb_filename *smb_fname,
809 enum SMB_QUOTA_TYPE qtype,
815 result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt);
817 do_log(SMB_VFS_OP_GET_QUOTA,
821 smb_fname_str_do_log(handle->conn, smb_fname));
826 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
827 enum SMB_QUOTA_TYPE qtype, unid_t id,
832 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
834 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
839 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
840 struct files_struct *fsp,
841 struct shadow_copy_data *shadow_copy_data,
846 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
848 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
853 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
854 const struct smb_filename *smb_fname,
855 struct vfs_statvfs_struct *statbuf)
859 result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf);
861 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
866 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
870 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
872 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
877 static NTSTATUS smb_full_audit_get_dfs_referrals(
878 struct vfs_handle_struct *handle,
879 struct dfs_GetDFSReferral *r)
883 status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
885 do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status),
891 static NTSTATUS smb_full_audit_create_dfs_pathat(struct vfs_handle_struct *handle,
892 struct files_struct *dirfsp,
893 const struct smb_filename *smb_fname,
894 const struct referral *reflist,
895 size_t referral_count)
898 struct smb_filename *full_fname = NULL;
900 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
903 if (full_fname == NULL) {
904 return NT_STATUS_NO_MEMORY;
907 status = SMB_VFS_NEXT_CREATE_DFS_PATHAT(handle,
913 do_log(SMB_VFS_OP_CREATE_DFS_PATHAT,
914 NT_STATUS_IS_OK(status),
917 smb_fname_str_do_log(handle->conn, full_fname));
919 TALLOC_FREE(full_fname);
923 static NTSTATUS smb_full_audit_read_dfs_pathat(struct vfs_handle_struct *handle,
925 struct files_struct *dirfsp,
926 struct smb_filename *smb_fname,
927 struct referral **ppreflist,
928 size_t *preferral_count)
930 struct smb_filename *full_fname = NULL;
933 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
936 if (full_fname == NULL) {
937 return NT_STATUS_NO_MEMORY;
940 status = SMB_VFS_NEXT_READ_DFS_PATHAT(handle,
947 do_log(SMB_VFS_OP_READ_DFS_PATHAT,
948 NT_STATUS_IS_OK(status),
951 smb_fname_str_do_log(handle->conn, full_fname));
953 TALLOC_FREE(full_fname);
957 static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle,
959 const char *service_path,
964 status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path,
966 do_log(SMB_VFS_OP_SNAP_CHECK_PATH, NT_STATUS_IS_OK(status),
972 static NTSTATUS smb_full_audit_snap_create(struct vfs_handle_struct *handle,
974 const char *base_volume,
982 status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp,
983 rw, base_path, snap_path);
984 do_log(SMB_VFS_OP_SNAP_CREATE, NT_STATUS_IS_OK(status), handle, "");
989 static NTSTATUS smb_full_audit_snap_delete(struct vfs_handle_struct *handle,
996 status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path,
998 do_log(SMB_VFS_OP_SNAP_DELETE, NT_STATUS_IS_OK(status), handle, "");
1003 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
1004 files_struct *fsp, const char *mask, uint32_t attr)
1008 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
1010 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
1011 fsp_str_do_log(fsp));
1016 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
1017 struct files_struct *dirfsp,
1020 struct dirent *result;
1022 result = SMB_VFS_NEXT_READDIR(handle, dirfsp, dirp);
1024 /* This operation has no reasonable error condition
1025 * (End of dir is also failure), so always succeed.
1027 do_log(SMB_VFS_OP_READDIR, True, handle, "");
1032 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1035 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1037 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1040 static int smb_full_audit_mkdirat(vfs_handle_struct *handle,
1041 struct files_struct *dirfsp,
1042 const struct smb_filename *smb_fname,
1045 struct smb_filename *full_fname = NULL;
1048 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1051 if (full_fname == NULL) {
1056 result = SMB_VFS_NEXT_MKDIRAT(handle,
1061 do_log(SMB_VFS_OP_MKDIRAT,
1065 smb_fname_str_do_log(handle->conn, full_fname));
1067 TALLOC_FREE(full_fname);
1072 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1077 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1079 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1084 static int smb_full_audit_openat(vfs_handle_struct *handle,
1085 const struct files_struct *dirfsp,
1086 const struct smb_filename *smb_fname,
1087 struct files_struct *fsp,
1088 const struct vfs_open_how *how)
1092 result = SMB_VFS_NEXT_OPENAT(handle, dirfsp, smb_fname, fsp, how);
1094 do_log(SMB_VFS_OP_OPENAT, (result >= 0), handle, "%s|%s",
1095 ((how->flags & O_WRONLY) || (how->flags & O_RDWR))?"w":"r",
1096 fsp_str_do_log(fsp));
1101 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
1102 struct smb_request *req,
1103 struct files_struct *dirfsp,
1104 struct smb_filename *smb_fname,
1105 uint32_t access_mask,
1106 uint32_t share_access,
1107 uint32_t create_disposition,
1108 uint32_t create_options,
1109 uint32_t file_attributes,
1110 uint32_t oplock_request,
1111 const struct smb2_lease *lease,
1112 uint64_t allocation_size,
1113 uint32_t private_flags,
1114 struct security_descriptor *sd,
1115 struct ea_list *ea_list,
1116 files_struct **result_fsp,
1118 const struct smb2_create_blobs *in_context_blobs,
1119 struct smb2_create_blobs *out_context_blobs)
1122 const char* str_create_disposition;
1124 switch (create_disposition) {
1125 case FILE_SUPERSEDE:
1126 str_create_disposition = "supersede";
1128 case FILE_OVERWRITE_IF:
1129 str_create_disposition = "overwrite_if";
1132 str_create_disposition = "open";
1134 case FILE_OVERWRITE:
1135 str_create_disposition = "overwrite";
1138 str_create_disposition = "create";
1141 str_create_disposition = "open_if";
1144 str_create_disposition = "unknown";
1147 result = SMB_VFS_NEXT_CREATE_FILE(
1148 handle, /* handle */
1150 dirfsp, /* dirfsp */
1151 smb_fname, /* fname */
1152 access_mask, /* access_mask */
1153 share_access, /* share_access */
1154 create_disposition, /* create_disposition*/
1155 create_options, /* create_options */
1156 file_attributes, /* file_attributes */
1157 oplock_request, /* oplock_request */
1159 allocation_size, /* allocation_size */
1162 ea_list, /* ea_list */
1163 result_fsp, /* result */
1165 in_context_blobs, out_context_blobs); /* create context */
1167 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
1168 "0x%x|%s|%s|%s", access_mask,
1169 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
1170 str_create_disposition,
1171 smb_fname_str_do_log(handle->conn, smb_fname));
1176 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1180 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1182 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
1183 fsp_str_do_log(fsp));
1188 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1189 void *data, size_t n, off_t offset)
1193 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1195 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
1196 fsp_str_do_log(fsp));
1201 struct smb_full_audit_pread_state {
1202 vfs_handle_struct *handle;
1205 struct vfs_aio_state vfs_aio_state;
1208 static void smb_full_audit_pread_done(struct tevent_req *subreq);
1210 static struct tevent_req *smb_full_audit_pread_send(
1211 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1212 struct tevent_context *ev, struct files_struct *fsp,
1213 void *data, size_t n, off_t offset)
1215 struct tevent_req *req, *subreq;
1216 struct smb_full_audit_pread_state *state;
1218 req = tevent_req_create(mem_ctx, &state,
1219 struct smb_full_audit_pread_state);
1221 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1222 fsp_str_do_log(fsp));
1225 state->handle = handle;
1228 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
1230 if (tevent_req_nomem(subreq, req)) {
1231 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1232 fsp_str_do_log(fsp));
1233 return tevent_req_post(req, ev);
1235 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
1237 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1241 static void smb_full_audit_pread_done(struct tevent_req *subreq)
1243 struct tevent_req *req = tevent_req_callback_data(
1244 subreq, struct tevent_req);
1245 struct smb_full_audit_pread_state *state = tevent_req_data(
1246 req, struct smb_full_audit_pread_state);
1248 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
1249 TALLOC_FREE(subreq);
1250 tevent_req_done(req);
1253 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req,
1254 struct vfs_aio_state *vfs_aio_state)
1256 struct smb_full_audit_pread_state *state = tevent_req_data(
1257 req, struct smb_full_audit_pread_state);
1259 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1260 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
1261 fsp_str_do_log(state->fsp));
1265 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
1266 fsp_str_do_log(state->fsp));
1268 *vfs_aio_state = state->vfs_aio_state;
1272 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1273 const void *data, size_t n,
1278 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1280 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1281 fsp_str_do_log(fsp));
1286 struct smb_full_audit_pwrite_state {
1287 vfs_handle_struct *handle;
1290 struct vfs_aio_state vfs_aio_state;
1293 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1295 static struct tevent_req *smb_full_audit_pwrite_send(
1296 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1297 struct tevent_context *ev, struct files_struct *fsp,
1298 const void *data, size_t n, off_t offset)
1300 struct tevent_req *req, *subreq;
1301 struct smb_full_audit_pwrite_state *state;
1303 req = tevent_req_create(mem_ctx, &state,
1304 struct smb_full_audit_pwrite_state);
1306 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1307 fsp_str_do_log(fsp));
1310 state->handle = handle;
1313 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1315 if (tevent_req_nomem(subreq, req)) {
1316 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1317 fsp_str_do_log(fsp));
1318 return tevent_req_post(req, ev);
1320 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1322 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1323 fsp_str_do_log(fsp));
1327 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1329 struct tevent_req *req = tevent_req_callback_data(
1330 subreq, struct tevent_req);
1331 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1332 req, struct smb_full_audit_pwrite_state);
1334 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
1335 TALLOC_FREE(subreq);
1336 tevent_req_done(req);
1339 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req,
1340 struct vfs_aio_state *vfs_aio_state)
1342 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1343 req, struct smb_full_audit_pwrite_state);
1345 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1346 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1347 fsp_str_do_log(state->fsp));
1351 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1352 fsp_str_do_log(state->fsp));
1354 *vfs_aio_state = state->vfs_aio_state;
1358 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1359 off_t offset, int whence)
1363 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1365 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1366 "%s", fsp_str_do_log(fsp));
1371 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1372 files_struct *fromfsp,
1373 const DATA_BLOB *hdr, off_t offset,
1378 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1380 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1381 "%s", fsp_str_do_log(fromfsp));
1386 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1387 files_struct *tofsp,
1393 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1395 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1396 "%s", fsp_str_do_log(tofsp));
1401 static int smb_full_audit_renameat(vfs_handle_struct *handle,
1402 files_struct *srcfsp,
1403 const struct smb_filename *smb_fname_src,
1404 files_struct *dstfsp,
1405 const struct smb_filename *smb_fname_dst)
1409 struct smb_filename *full_fname_src = NULL;
1410 struct smb_filename *full_fname_dst = NULL;
1412 full_fname_src = full_path_from_dirfsp_atname(talloc_tos(),
1415 if (full_fname_src == NULL) {
1419 full_fname_dst = full_path_from_dirfsp_atname(talloc_tos(),
1422 if (full_fname_dst == NULL) {
1423 TALLOC_FREE(full_fname_src);
1428 result = SMB_VFS_NEXT_RENAMEAT(handle,
1435 saved_errno = errno;
1437 do_log(SMB_VFS_OP_RENAMEAT, (result >= 0), handle, "%s|%s",
1438 smb_fname_str_do_log(handle->conn, full_fname_src),
1439 smb_fname_str_do_log(handle->conn, full_fname_dst));
1441 TALLOC_FREE(full_fname_src);
1442 TALLOC_FREE(full_fname_dst);
1445 errno = saved_errno;
1450 struct smb_full_audit_fsync_state {
1451 vfs_handle_struct *handle;
1454 struct vfs_aio_state vfs_aio_state;
1457 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1459 static struct tevent_req *smb_full_audit_fsync_send(
1460 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1461 struct tevent_context *ev, struct files_struct *fsp)
1463 struct tevent_req *req, *subreq;
1464 struct smb_full_audit_fsync_state *state;
1466 req = tevent_req_create(mem_ctx, &state,
1467 struct smb_full_audit_fsync_state);
1469 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1470 fsp_str_do_log(fsp));
1473 state->handle = handle;
1476 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1477 if (tevent_req_nomem(subreq, req)) {
1478 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1479 fsp_str_do_log(fsp));
1480 return tevent_req_post(req, ev);
1482 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1484 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1488 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1490 struct tevent_req *req = tevent_req_callback_data(
1491 subreq, struct tevent_req);
1492 struct smb_full_audit_fsync_state *state = tevent_req_data(
1493 req, struct smb_full_audit_fsync_state);
1495 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
1496 TALLOC_FREE(subreq);
1497 tevent_req_done(req);
1500 static int smb_full_audit_fsync_recv(struct tevent_req *req,
1501 struct vfs_aio_state *vfs_aio_state)
1503 struct smb_full_audit_fsync_state *state = tevent_req_data(
1504 req, struct smb_full_audit_fsync_state);
1506 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1507 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1508 fsp_str_do_log(state->fsp));
1512 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1513 fsp_str_do_log(state->fsp));
1515 *vfs_aio_state = state->vfs_aio_state;
1519 static int smb_full_audit_stat(vfs_handle_struct *handle,
1520 struct smb_filename *smb_fname)
1524 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1526 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1527 smb_fname_str_do_log(handle->conn, smb_fname));
1532 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1533 SMB_STRUCT_STAT *sbuf)
1537 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1539 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1540 fsp_str_do_log(fsp));
1545 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1546 struct smb_filename *smb_fname)
1550 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1552 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1553 smb_fname_str_do_log(handle->conn, smb_fname));
1558 static int smb_full_audit_fstatat(
1559 struct vfs_handle_struct *handle,
1560 const struct files_struct *dirfsp,
1561 const struct smb_filename *smb_fname,
1562 SMB_STRUCT_STAT *sbuf,
1567 result = SMB_VFS_NEXT_FSTATAT(handle, dirfsp, smb_fname, sbuf, flags);
1569 do_log(SMB_VFS_OP_FSTATAT,
1573 fsp_str_do_log(dirfsp),
1574 smb_fname_str_do_log(handle->conn, smb_fname));
1578 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1579 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1583 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1585 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1586 "%llu", (unsigned long long)result);
1591 static int smb_full_audit_unlinkat(vfs_handle_struct *handle,
1592 struct files_struct *dirfsp,
1593 const struct smb_filename *smb_fname,
1596 struct smb_filename *full_fname = NULL;
1599 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1602 if (full_fname == NULL) {
1606 result = SMB_VFS_NEXT_UNLINKAT(handle,
1611 do_log(SMB_VFS_OP_UNLINKAT, (result >= 0), handle, "%s",
1612 smb_fname_str_do_log(handle->conn, full_fname));
1614 TALLOC_FREE(full_fname);
1618 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1623 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1625 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1626 "%s|%o", fsp_str_do_log(fsp), mode);
1631 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1632 uid_t uid, gid_t gid)
1636 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1638 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1639 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1644 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1645 const struct smb_filename *smb_fname,
1651 result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
1653 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1654 smb_fname->base_name, (long int)uid, (long int)gid);
1659 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1660 const struct smb_filename *smb_fname)
1664 result = SMB_VFS_NEXT_CHDIR(handle, smb_fname);
1666 do_log(SMB_VFS_OP_CHDIR,
1670 smb_fname_str_do_log(handle->conn, smb_fname));
1675 static struct smb_filename *smb_full_audit_getwd(vfs_handle_struct *handle,
1678 struct smb_filename *result;
1680 result = SMB_VFS_NEXT_GETWD(handle, ctx);
1682 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1683 result == NULL? "" : result->base_name);
1688 static int smb_full_audit_fntimes(vfs_handle_struct *handle,
1690 struct smb_file_time *ft)
1693 time_t create_time = convert_timespec_to_time_t(ft->create_time);
1694 time_t atime = convert_timespec_to_time_t(ft->atime);
1695 time_t mtime = convert_timespec_to_time_t(ft->mtime);
1696 time_t ctime = convert_timespec_to_time_t(ft->ctime);
1697 const char *create_time_str = "";
1698 const char *atime_str = "";
1699 const char *mtime_str = "";
1700 const char *ctime_str = "";
1701 TALLOC_CTX *frame = talloc_stackframe();
1703 if (frame == NULL) {
1708 result = SMB_VFS_NEXT_FNTIMES(handle, fsp, ft);
1710 if (create_time > 0) {
1711 create_time_str = timestring(frame, create_time);
1714 atime_str = timestring(frame, atime);
1717 mtime_str = timestring(frame, mtime);
1720 ctime_str = timestring(frame, ctime);
1723 do_log(SMB_VFS_OP_FNTIMES,
1727 fsp_str_do_log(fsp),
1738 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1743 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1745 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1746 "%s", fsp_str_do_log(fsp));
1751 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1758 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1760 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1761 "%s", fsp_str_do_log(fsp));
1766 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1767 int op, off_t offset, off_t count, int type)
1771 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1773 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1778 static int smb_full_audit_filesystem_sharemode(struct vfs_handle_struct *handle,
1779 struct files_struct *fsp,
1780 uint32_t share_access,
1781 uint32_t access_mask)
1785 result = SMB_VFS_NEXT_FILESYSTEM_SHAREMODE(handle,
1790 do_log(SMB_VFS_OP_FILESYSTEM_SHAREMODE, (result >= 0), handle, "%s",
1791 fsp_str_do_log(fsp));
1796 static int smb_full_audit_fcntl(struct vfs_handle_struct *handle,
1797 struct files_struct *fsp,
1798 int cmd, va_list cmd_arg)
1801 va_list dup_cmd_arg;
1804 va_copy(dup_cmd_arg, cmd_arg);
1805 arg = va_arg(dup_cmd_arg, void *);
1806 result = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg);
1807 va_end(dup_cmd_arg);
1809 do_log(SMB_VFS_OP_FCNTL, (result >= 0), handle, "%s",
1810 fsp_str_do_log(fsp));
1815 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1820 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1822 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1823 fsp_str_do_log(fsp));
1828 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1829 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1833 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1835 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1840 static int smb_full_audit_symlinkat(vfs_handle_struct *handle,
1841 const struct smb_filename *link_contents,
1842 struct files_struct *dirfsp,
1843 const struct smb_filename *new_smb_fname)
1845 struct smb_filename *full_fname = NULL;
1848 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1851 if (full_fname == NULL) {
1855 result = SMB_VFS_NEXT_SYMLINKAT(handle,
1860 do_log(SMB_VFS_OP_SYMLINKAT,
1864 link_contents->base_name,
1865 smb_fname_str_do_log(handle->conn, full_fname));
1867 TALLOC_FREE(full_fname);
1872 static int smb_full_audit_readlinkat(vfs_handle_struct *handle,
1873 const struct files_struct *dirfsp,
1874 const struct smb_filename *smb_fname,
1878 struct smb_filename *full_fname = NULL;
1881 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1884 if (full_fname == NULL) {
1888 result = SMB_VFS_NEXT_READLINKAT(handle,
1894 do_log(SMB_VFS_OP_READLINKAT,
1898 smb_fname_str_do_log(handle->conn, full_fname));
1900 TALLOC_FREE(full_fname);
1905 static int smb_full_audit_linkat(vfs_handle_struct *handle,
1906 files_struct *srcfsp,
1907 const struct smb_filename *old_smb_fname,
1908 files_struct *dstfsp,
1909 const struct smb_filename *new_smb_fname,
1912 struct smb_filename *old_full_fname = NULL;
1913 struct smb_filename *new_full_fname = NULL;
1916 old_full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1919 if (old_full_fname == NULL) {
1922 new_full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1925 if (new_full_fname == NULL) {
1926 TALLOC_FREE(old_full_fname);
1929 result = SMB_VFS_NEXT_LINKAT(handle,
1936 do_log(SMB_VFS_OP_LINKAT,
1940 smb_fname_str_do_log(handle->conn, old_full_fname),
1941 smb_fname_str_do_log(handle->conn, new_full_fname));
1943 TALLOC_FREE(old_full_fname);
1944 TALLOC_FREE(new_full_fname);
1949 static int smb_full_audit_mknodat(vfs_handle_struct *handle,
1950 files_struct *dirfsp,
1951 const struct smb_filename *smb_fname,
1955 struct smb_filename *full_fname = NULL;
1958 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1961 if (full_fname == NULL) {
1965 result = SMB_VFS_NEXT_MKNODAT(handle,
1971 do_log(SMB_VFS_OP_MKNODAT,
1975 smb_fname_str_do_log(handle->conn, full_fname));
1977 TALLOC_FREE(full_fname);
1982 static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle,
1984 const struct smb_filename *smb_fname)
1986 struct smb_filename *result_fname = NULL;
1988 result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname);
1990 do_log(SMB_VFS_OP_REALPATH,
1991 (result_fname != NULL),
1994 smb_fname_str_do_log(handle->conn, smb_fname));
1996 return result_fname;
1999 static int smb_full_audit_fchflags(vfs_handle_struct *handle,
2000 struct files_struct *fsp,
2005 result = SMB_VFS_NEXT_FCHFLAGS(handle, fsp, flags);
2007 do_log(SMB_VFS_OP_FCHFLAGS,
2011 smb_fname_str_do_log(handle->conn, fsp->fsp_name));
2016 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
2017 const SMB_STRUCT_STAT *sbuf)
2019 struct file_id id_zero = { 0 };
2020 struct file_id result;
2021 struct file_id_buf idbuf;
2023 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
2025 do_log(SMB_VFS_OP_FILE_ID_CREATE,
2026 !file_id_equal(&id_zero, &result),
2029 file_id_str_buf(result, &idbuf));
2034 static uint64_t smb_full_audit_fs_file_id(struct vfs_handle_struct *handle,
2035 const SMB_STRUCT_STAT *sbuf)
2039 result = SMB_VFS_NEXT_FS_FILE_ID(handle, sbuf);
2041 do_log(SMB_VFS_OP_FS_FILE_ID,
2043 handle, "%" PRIu64, result);
2048 static NTSTATUS smb_full_audit_fstreaminfo(vfs_handle_struct *handle,
2049 struct files_struct *fsp,
2050 TALLOC_CTX *mem_ctx,
2051 unsigned int *pnum_streams,
2052 struct stream_struct **pstreams)
2056 result = SMB_VFS_NEXT_FSTREAMINFO(handle, fsp, mem_ctx,
2057 pnum_streams, pstreams);
2059 do_log(SMB_VFS_OP_FSTREAMINFO,
2060 NT_STATUS_IS_OK(result),
2063 smb_fname_str_do_log(handle->conn, fsp->fsp_name));
2068 static NTSTATUS smb_full_audit_get_real_filename_at(
2069 struct vfs_handle_struct *handle,
2070 struct files_struct *dirfsp,
2072 TALLOC_CTX *mem_ctx,
2077 result = SMB_VFS_NEXT_GET_REAL_FILENAME_AT(
2078 handle, dirfsp, name, mem_ctx, found_name);
2080 do_log(SMB_VFS_OP_GET_REAL_FILENAME_AT,
2081 NT_STATUS_IS_OK(result),
2084 fsp_str_dbg(dirfsp),
2086 NT_STATUS_IS_OK(result) ? *found_name : "");
2091 static const char *smb_full_audit_connectpath(
2092 vfs_handle_struct *handle,
2093 const struct files_struct *dirfsp,
2094 const struct smb_filename *smb_fname)
2098 result = SMB_VFS_NEXT_CONNECTPATH(handle, dirfsp, smb_fname);
2100 do_log(SMB_VFS_OP_CONNECTPATH,
2104 smb_fname_str_do_log(handle->conn, smb_fname));
2109 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
2110 struct byte_range_lock *br_lck,
2111 struct lock_struct *plock)
2115 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock);
2117 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
2118 "%s:%llu-%llu. type=%d.",
2119 fsp_str_do_log(brl_fsp(br_lck)),
2120 (unsigned long long)plock->start,
2121 (unsigned long long)plock->size,
2127 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
2128 struct byte_range_lock *br_lck,
2129 const struct lock_struct *plock)
2133 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, br_lck, plock);
2135 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
2136 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
2137 (unsigned long long)plock->start,
2138 (unsigned long long)plock->size,
2144 static bool smb_full_audit_strict_lock_check(struct vfs_handle_struct *handle,
2145 struct files_struct *fsp,
2146 struct lock_struct *plock)
2150 result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock);
2152 do_log(SMB_VFS_OP_STRICT_LOCK_CHECK, result, handle,
2153 "%s:%llu-%llu:%d", fsp_str_do_log(fsp),
2154 (unsigned long long)plock->start,
2155 (unsigned long long)plock->size,
2161 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
2163 enum vfs_translate_direction direction,
2164 TALLOC_CTX *mem_ctx,
2169 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
2172 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
2177 static NTSTATUS smb_full_audit_parent_pathname(struct vfs_handle_struct *handle,
2178 TALLOC_CTX *mem_ctx,
2179 const struct smb_filename *smb_fname_in,
2180 struct smb_filename **parent_dir_out,
2181 struct smb_filename **atname_out)
2185 result = SMB_VFS_NEXT_PARENT_PATHNAME(handle,
2190 do_log(SMB_VFS_OP_CONNECTPATH,
2191 NT_STATUS_IS_OK(result),
2194 smb_fname_str_do_log(handle->conn, smb_fname_in));
2199 static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle,
2200 struct files_struct *fsp,
2204 const uint8_t *_in_data,
2206 uint8_t **_out_data,
2207 uint32_t max_out_len,
2212 result = SMB_VFS_NEXT_FSCTL(handle,
2223 do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, "");
2228 static struct tevent_req *smb_full_audit_offload_read_send(
2229 TALLOC_CTX *mem_ctx,
2230 struct tevent_context *ev,
2231 struct vfs_handle_struct *handle,
2232 struct files_struct *fsp,
2238 struct tevent_req *req = NULL;
2240 req = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev, handle, fsp,
2241 fsctl, ttl, offset, to_copy);
2243 do_log(SMB_VFS_OP_OFFLOAD_READ_SEND, req, handle, "");
2248 static NTSTATUS smb_full_audit_offload_read_recv(
2249 struct tevent_req *req,
2250 struct vfs_handle_struct *handle,
2251 TALLOC_CTX *mem_ctx,
2254 DATA_BLOB *_token_blob)
2258 status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(req, handle, mem_ctx,
2259 flags, xferlen, _token_blob);
2261 do_log(SMB_VFS_OP_OFFLOAD_READ_RECV, NT_STATUS_IS_OK(status), handle, "");
2266 static struct tevent_req *smb_full_audit_offload_write_send(struct vfs_handle_struct *handle,
2267 TALLOC_CTX *mem_ctx,
2268 struct tevent_context *ev,
2271 off_t transfer_offset,
2272 struct files_struct *dest_fsp,
2276 struct tevent_req *req;
2278 req = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, mem_ctx, ev,
2279 fsctl, token, transfer_offset,
2280 dest_fsp, dest_off, num);
2282 do_log(SMB_VFS_OP_OFFLOAD_WRITE_SEND, req, handle, "");
2287 static NTSTATUS smb_full_audit_offload_write_recv(struct vfs_handle_struct *handle,
2288 struct tevent_req *req,
2293 result = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(handle, req, copied);
2295 do_log(SMB_VFS_OP_OFFLOAD_WRITE_RECV, NT_STATUS_IS_OK(result), handle, "");
2300 static NTSTATUS smb_full_audit_fget_compression(vfs_handle_struct *handle,
2301 TALLOC_CTX *mem_ctx,
2302 struct files_struct *fsp,
2303 uint16_t *_compression_fmt)
2307 result = SMB_VFS_NEXT_FGET_COMPRESSION(handle, mem_ctx, fsp,
2310 do_log(SMB_VFS_OP_FGET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2312 fsp_str_do_log(fsp));
2317 static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle,
2318 TALLOC_CTX *mem_ctx,
2319 struct files_struct *fsp,
2320 uint16_t compression_fmt)
2324 result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
2327 do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2328 "%s", fsp_str_do_log(fsp));
2333 static NTSTATUS smb_full_audit_freaddir_attr(struct vfs_handle_struct *handle,
2334 struct files_struct *fsp,
2335 TALLOC_CTX *mem_ctx,
2336 struct readdir_attr_data **pattr_data)
2340 status = SMB_VFS_NEXT_FREADDIR_ATTR(handle, fsp, mem_ctx, pattr_data);
2342 do_log(SMB_VFS_OP_FREADDIR_ATTR,
2343 NT_STATUS_IS_OK(status),
2346 fsp_str_do_log(fsp));
2351 struct smb_full_audit_get_dos_attributes_state {
2352 struct vfs_aio_state aio_state;
2353 vfs_handle_struct *handle;
2354 files_struct *dir_fsp;
2355 const struct smb_filename *smb_fname;
2359 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq);
2361 static struct tevent_req *smb_full_audit_get_dos_attributes_send(
2362 TALLOC_CTX *mem_ctx,
2363 struct tevent_context *ev,
2364 struct vfs_handle_struct *handle,
2365 files_struct *dir_fsp,
2366 struct smb_filename *smb_fname)
2368 struct tevent_req *req = NULL;
2369 struct smb_full_audit_get_dos_attributes_state *state = NULL;
2370 struct tevent_req *subreq = NULL;
2372 req = tevent_req_create(mem_ctx, &state,
2373 struct smb_full_audit_get_dos_attributes_state);
2375 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2379 fsp_str_do_log(dir_fsp),
2380 smb_fname->base_name);
2383 *state = (struct smb_full_audit_get_dos_attributes_state) {
2386 .smb_fname = smb_fname,
2389 subreq = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_SEND(mem_ctx,
2394 if (tevent_req_nomem(subreq, req)) {
2395 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2399 fsp_str_do_log(dir_fsp),
2400 smb_fname->base_name);
2401 return tevent_req_post(req, ev);
2403 tevent_req_set_callback(subreq,
2404 smb_full_audit_get_dos_attributes_done,
2407 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2411 fsp_str_do_log(dir_fsp),
2412 smb_fname->base_name);
2417 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq)
2419 struct tevent_req *req =
2420 tevent_req_callback_data(subreq,
2422 struct smb_full_audit_get_dos_attributes_state *state =
2423 tevent_req_data(req,
2424 struct smb_full_audit_get_dos_attributes_state);
2427 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_RECV(subreq,
2430 TALLOC_FREE(subreq);
2431 if (tevent_req_nterror(req, status)) {
2435 tevent_req_done(req);
2439 static NTSTATUS smb_full_audit_get_dos_attributes_recv(struct tevent_req *req,
2440 struct vfs_aio_state *aio_state,
2443 struct smb_full_audit_get_dos_attributes_state *state =
2444 tevent_req_data(req,
2445 struct smb_full_audit_get_dos_attributes_state);
2448 if (tevent_req_is_nterror(req, &status)) {
2449 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2453 fsp_str_do_log(state->dir_fsp),
2454 state->smb_fname->base_name);
2455 tevent_req_received(req);
2459 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2463 fsp_str_do_log(state->dir_fsp),
2464 state->smb_fname->base_name);
2466 *aio_state = state->aio_state;
2467 *dosmode = state->dosmode;
2468 tevent_req_received(req);
2469 return NT_STATUS_OK;
2472 static NTSTATUS smb_full_audit_fget_dos_attributes(
2473 struct vfs_handle_struct *handle,
2474 struct files_struct *fsp,
2479 status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
2483 do_log(SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
2484 NT_STATUS_IS_OK(status),
2487 fsp_str_do_log(fsp));
2492 static NTSTATUS smb_full_audit_fset_dos_attributes(
2493 struct vfs_handle_struct *handle,
2494 struct files_struct *fsp,
2499 status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
2503 do_log(SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
2504 NT_STATUS_IS_OK(status),
2507 fsp_str_do_log(fsp));
2512 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2513 uint32_t security_info,
2514 TALLOC_CTX *mem_ctx,
2515 struct security_descriptor **ppdesc)
2519 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
2522 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2523 "%s", fsp_str_do_log(fsp));
2528 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2529 uint32_t security_info_sent,
2530 const struct security_descriptor *psd)
2532 struct vfs_full_audit_private_data *pd;
2536 SMB_VFS_HANDLE_GET_DATA(handle, pd,
2537 struct vfs_full_audit_private_data,
2538 return NT_STATUS_INTERNAL_ERROR);
2540 if (pd->log_secdesc) {
2541 sd = sddl_encode(talloc_tos(), psd, get_global_sam_sid());
2544 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
2546 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2547 "%s [%s]", fsp_str_do_log(fsp), sd ? sd : "");
2554 static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
2555 struct smb_filename *file,
2556 struct security_acl *sacl,
2557 uint32_t access_requested,
2558 uint32_t access_denied)
2562 result = SMB_VFS_NEXT_AUDIT_FILE(handle,
2568 do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
2570 smb_fname_str_do_log(handle->conn, file));
2575 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
2577 SMB_ACL_TYPE_T type,
2578 TALLOC_CTX *mem_ctx)
2582 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle,
2587 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
2588 "%s", fsp_str_do_log(fsp));
2593 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
2595 TALLOC_CTX *mem_ctx,
2596 char **blob_description,
2601 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
2603 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
2604 "%s", fsp_str_do_log(fsp));
2609 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle,
2610 struct files_struct *fsp,
2611 SMB_ACL_TYPE_T type,
2616 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, type, theacl);
2618 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
2619 "%s", fsp_str_do_log(fsp));
2624 static int smb_full_audit_sys_acl_delete_def_fd(vfs_handle_struct *handle,
2625 struct files_struct *fsp)
2629 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FD(handle, fsp);
2631 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FD,
2635 fsp_str_do_log(fsp));
2640 struct smb_full_audit_getxattrat_state {
2641 struct vfs_aio_state aio_state;
2642 vfs_handle_struct *handle;
2643 files_struct *dir_fsp;
2644 const struct smb_filename *smb_fname;
2645 const char *xattr_name;
2647 uint8_t *xattr_value;
2650 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq);
2652 static struct tevent_req *smb_full_audit_getxattrat_send(
2653 TALLOC_CTX *mem_ctx,
2654 struct tevent_context *ev,
2655 struct vfs_handle_struct *handle,
2656 files_struct *dir_fsp,
2657 const struct smb_filename *smb_fname,
2658 const char *xattr_name,
2661 struct tevent_req *req = NULL;
2662 struct tevent_req *subreq = NULL;
2663 struct smb_full_audit_getxattrat_state *state = NULL;
2665 req = tevent_req_create(mem_ctx, &state,
2666 struct smb_full_audit_getxattrat_state);
2668 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2672 fsp_str_do_log(dir_fsp),
2673 smb_fname->base_name,
2677 *state = (struct smb_full_audit_getxattrat_state) {
2680 .smb_fname = smb_fname,
2681 .xattr_name = xattr_name,
2684 subreq = SMB_VFS_NEXT_GETXATTRAT_SEND(state,
2691 if (tevent_req_nomem(subreq, req)) {
2692 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2696 fsp_str_do_log(dir_fsp),
2697 smb_fname->base_name,
2699 return tevent_req_post(req, ev);
2701 tevent_req_set_callback(subreq, smb_full_audit_getxattrat_done, req);
2703 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2707 fsp_str_do_log(dir_fsp),
2708 smb_fname->base_name,
2714 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq)
2716 struct tevent_req *req = tevent_req_callback_data(
2717 subreq, struct tevent_req);
2718 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2719 req, struct smb_full_audit_getxattrat_state);
2721 state->xattr_size = SMB_VFS_NEXT_GETXATTRAT_RECV(subreq,
2724 &state->xattr_value);
2725 TALLOC_FREE(subreq);
2726 if (state->xattr_size == -1) {
2727 tevent_req_error(req, state->aio_state.error);
2731 tevent_req_done(req);
2734 static ssize_t smb_full_audit_getxattrat_recv(struct tevent_req *req,
2735 struct vfs_aio_state *aio_state,
2736 TALLOC_CTX *mem_ctx,
2737 uint8_t **xattr_value)
2739 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2740 req, struct smb_full_audit_getxattrat_state);
2743 if (tevent_req_is_unix_error(req, &aio_state->error)) {
2744 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2748 fsp_str_do_log(state->dir_fsp),
2749 state->smb_fname->base_name,
2751 tevent_req_received(req);
2755 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2759 fsp_str_do_log(state->dir_fsp),
2760 state->smb_fname->base_name,
2763 *aio_state = state->aio_state;
2764 xattr_size = state->xattr_size;
2765 if (xattr_value != NULL) {
2766 *xattr_value = talloc_move(mem_ctx, &state->xattr_value);
2769 tevent_req_received(req);
2773 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2774 struct files_struct *fsp,
2775 const char *name, void *value, size_t size)
2779 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2781 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2782 "%s|%s", fsp_str_do_log(fsp), name);
2787 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2788 struct files_struct *fsp, char *list,
2793 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2795 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2796 "%s", fsp_str_do_log(fsp));
2801 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2802 struct files_struct *fsp,
2807 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2809 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2810 "%s|%s", fsp_str_do_log(fsp), name);
2815 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2816 struct files_struct *fsp, const char *name,
2817 const void *value, size_t size, int flags)
2821 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2823 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2824 "%s|%s", fsp_str_do_log(fsp), name);
2829 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2830 struct files_struct *fsp)
2834 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2835 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2836 "%s", fsp_str_do_log(fsp));
2841 static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle,
2842 struct files_struct *fsp,
2843 TALLOC_CTX *mem_ctx,
2848 result = SMB_VFS_NEXT_DURABLE_COOKIE(handle,
2853 do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle,
2854 "%s", fsp_str_do_log(fsp));
2859 static NTSTATUS smb_full_audit_durable_disconnect(
2860 struct vfs_handle_struct *handle,
2861 struct files_struct *fsp,
2862 const DATA_BLOB old_cookie,
2863 TALLOC_CTX *mem_ctx,
2864 DATA_BLOB *new_cookie)
2868 result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle,
2874 do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle,
2875 "%s", fsp_str_do_log(fsp));
2880 static NTSTATUS smb_full_audit_durable_reconnect(
2881 struct vfs_handle_struct *handle,
2882 struct smb_request *smb1req,
2883 struct smbXsrv_open *op,
2884 const DATA_BLOB old_cookie,
2885 TALLOC_CTX *mem_ctx,
2886 struct files_struct **fsp,
2887 DATA_BLOB *new_cookie)
2891 result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle,
2899 do_log(SMB_VFS_OP_DURABLE_RECONNECT,
2900 NT_STATUS_IS_OK(result),
2907 static struct vfs_fn_pointers vfs_full_audit_fns = {
2909 /* Disk operations */
2911 .connect_fn = smb_full_audit_connect,
2912 .disconnect_fn = smb_full_audit_disconnect,
2913 .disk_free_fn = smb_full_audit_disk_free,
2914 .get_quota_fn = smb_full_audit_get_quota,
2915 .set_quota_fn = smb_full_audit_set_quota,
2916 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2917 .statvfs_fn = smb_full_audit_statvfs,
2918 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2919 .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals,
2920 .create_dfs_pathat_fn = smb_full_audit_create_dfs_pathat,
2921 .read_dfs_pathat_fn = smb_full_audit_read_dfs_pathat,
2922 .fdopendir_fn = smb_full_audit_fdopendir,
2923 .readdir_fn = smb_full_audit_readdir,
2924 .rewind_dir_fn = smb_full_audit_rewinddir,
2925 .mkdirat_fn = smb_full_audit_mkdirat,
2926 .closedir_fn = smb_full_audit_closedir,
2927 .openat_fn = smb_full_audit_openat,
2928 .create_file_fn = smb_full_audit_create_file,
2929 .close_fn = smb_full_audit_close,
2930 .pread_fn = smb_full_audit_pread,
2931 .pread_send_fn = smb_full_audit_pread_send,
2932 .pread_recv_fn = smb_full_audit_pread_recv,
2933 .pwrite_fn = smb_full_audit_pwrite,
2934 .pwrite_send_fn = smb_full_audit_pwrite_send,
2935 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2936 .lseek_fn = smb_full_audit_lseek,
2937 .sendfile_fn = smb_full_audit_sendfile,
2938 .recvfile_fn = smb_full_audit_recvfile,
2939 .renameat_fn = smb_full_audit_renameat,
2940 .fsync_send_fn = smb_full_audit_fsync_send,
2941 .fsync_recv_fn = smb_full_audit_fsync_recv,
2942 .stat_fn = smb_full_audit_stat,
2943 .fstat_fn = smb_full_audit_fstat,
2944 .lstat_fn = smb_full_audit_lstat,
2945 .fstatat_fn = smb_full_audit_fstatat,
2946 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2947 .unlinkat_fn = smb_full_audit_unlinkat,
2948 .fchmod_fn = smb_full_audit_fchmod,
2949 .fchown_fn = smb_full_audit_fchown,
2950 .lchown_fn = smb_full_audit_lchown,
2951 .chdir_fn = smb_full_audit_chdir,
2952 .getwd_fn = smb_full_audit_getwd,
2953 .fntimes_fn = smb_full_audit_fntimes,
2954 .ftruncate_fn = smb_full_audit_ftruncate,
2955 .fallocate_fn = smb_full_audit_fallocate,
2956 .lock_fn = smb_full_audit_lock,
2957 .filesystem_sharemode_fn = smb_full_audit_filesystem_sharemode,
2958 .fcntl_fn = smb_full_audit_fcntl,
2959 .linux_setlease_fn = smb_full_audit_linux_setlease,
2960 .getlock_fn = smb_full_audit_getlock,
2961 .symlinkat_fn = smb_full_audit_symlinkat,
2962 .readlinkat_fn = smb_full_audit_readlinkat,
2963 .linkat_fn = smb_full_audit_linkat,
2964 .mknodat_fn = smb_full_audit_mknodat,
2965 .realpath_fn = smb_full_audit_realpath,
2966 .fchflags_fn = smb_full_audit_fchflags,
2967 .file_id_create_fn = smb_full_audit_file_id_create,
2968 .fs_file_id_fn = smb_full_audit_fs_file_id,
2969 .offload_read_send_fn = smb_full_audit_offload_read_send,
2970 .offload_read_recv_fn = smb_full_audit_offload_read_recv,
2971 .offload_write_send_fn = smb_full_audit_offload_write_send,
2972 .offload_write_recv_fn = smb_full_audit_offload_write_recv,
2973 .fget_compression_fn = smb_full_audit_fget_compression,
2974 .set_compression_fn = smb_full_audit_set_compression,
2975 .snap_check_path_fn = smb_full_audit_snap_check_path,
2976 .snap_create_fn = smb_full_audit_snap_create,
2977 .snap_delete_fn = smb_full_audit_snap_delete,
2978 .fstreaminfo_fn = smb_full_audit_fstreaminfo,
2979 .get_real_filename_at_fn = smb_full_audit_get_real_filename_at,
2980 .connectpath_fn = smb_full_audit_connectpath,
2981 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2982 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2983 .strict_lock_check_fn = smb_full_audit_strict_lock_check,
2984 .translate_name_fn = smb_full_audit_translate_name,
2985 .parent_pathname_fn = smb_full_audit_parent_pathname,
2986 .fsctl_fn = smb_full_audit_fsctl,
2987 .get_dos_attributes_send_fn = smb_full_audit_get_dos_attributes_send,
2988 .get_dos_attributes_recv_fn = smb_full_audit_get_dos_attributes_recv,
2989 .fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
2990 .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes,
2991 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2992 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2993 .audit_file_fn = smb_full_audit_audit_file,
2994 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2995 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
2996 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2997 .sys_acl_delete_def_fd_fn = smb_full_audit_sys_acl_delete_def_fd,
2998 .getxattrat_send_fn = smb_full_audit_getxattrat_send,
2999 .getxattrat_recv_fn = smb_full_audit_getxattrat_recv,
3000 .fgetxattr_fn = smb_full_audit_fgetxattr,
3001 .flistxattr_fn = smb_full_audit_flistxattr,
3002 .fremovexattr_fn = smb_full_audit_fremovexattr,
3003 .fsetxattr_fn = smb_full_audit_fsetxattr,
3004 .aio_force_fn = smb_full_audit_aio_force,
3005 .durable_cookie_fn = smb_full_audit_durable_cookie,
3006 .durable_disconnect_fn = smb_full_audit_durable_disconnect,
3007 .durable_reconnect_fn = smb_full_audit_durable_reconnect,
3008 .freaddir_attr_fn = smb_full_audit_freaddir_attr,
3012 NTSTATUS vfs_full_audit_init(TALLOC_CTX *ctx)
3016 smb_vfs_assert_all_fns(&vfs_full_audit_fns, "full_audit");
3018 ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "full_audit",
3019 &vfs_full_audit_fns);
3021 if (!NT_STATUS_IS_OK(ret))
3024 vfs_full_audit_debug_level = debug_add_class("full_audit");
3025 if (vfs_full_audit_debug_level == -1) {
3026 vfs_full_audit_debug_level = DBGC_VFS;
3027 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
3030 DEBUG(10, ("vfs_full_audit: Debug class number of "
3031 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / samba.git / blob