2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir create_file
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|/tmp
42 * smbd_audit: nobody|192.168.234.1|create_file|fail (No such file or directory)|0x1|file|open|/ts/doesNotExist
43 * smbd_audit: nobody|192.168.234.1|open|ok|w|/tmp/file.txt
44 * smbd_audit: nobody|192.168.234.1|create_file|ok|0x3|file|open|/tmp/file.txt
46 * where "nobody" is the connected username and "192.168.234.1" is the
47 * client's IP address.
51 * prefix: A macro expansion template prepended to the syslog entry.
53 * success: A list of VFS operations for which a successful completion should
54 * be logged. Defaults to no logging at all. The special operation "all" logs
55 * - you guessed it - everything.
57 * failure: A list of VFS operations for which failure to complete should be
58 * logged. Defaults to logging everything.
63 #include "system/filesys.h"
64 #include "system/syslog.h"
65 #include "smbd/smbd.h"
66 #include "../librpc/gen_ndr/ndr_netlogon.h"
69 #include "lib/param/loadparm.h"
70 #include "lib/util/bitmap.h"
71 #include "lib/util/tevent_unix.h"
72 #include "libcli/security/sddl.h"
73 #include "passdb/machine_sid.h"
74 #include "lib/util/tevent_ntstatus.h"
76 static int vfs_full_audit_debug_level = DBGC_VFS;
78 struct vfs_full_audit_private_data {
79 struct bitmap *success_ops;
80 struct bitmap *failure_ops;
88 #define DBGC_CLASS vfs_full_audit_debug_level
90 typedef enum _vfs_op_type {
95 SMB_VFS_OP_CONNECT = 0,
96 SMB_VFS_OP_DISCONNECT,
100 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
102 SMB_VFS_OP_FS_CAPABILITIES,
103 SMB_VFS_OP_GET_DFS_REFERRALS,
104 SMB_VFS_OP_CREATE_DFS_PATHAT,
105 SMB_VFS_OP_READ_DFS_PATHAT,
107 /* Directory operations */
109 SMB_VFS_OP_FDOPENDIR,
113 SMB_VFS_OP_REWINDDIR,
117 /* File operations */
120 SMB_VFS_OP_CREATE_FILE,
124 SMB_VFS_OP_PREAD_SEND,
125 SMB_VFS_OP_PREAD_RECV,
128 SMB_VFS_OP_PWRITE_SEND,
129 SMB_VFS_OP_PWRITE_RECV,
135 SMB_VFS_OP_FSYNC_SEND,
136 SMB_VFS_OP_FSYNC_RECV,
140 SMB_VFS_OP_GET_ALLOC_SIZE,
149 SMB_VFS_OP_FTRUNCATE,
150 SMB_VFS_OP_FALLOCATE,
152 SMB_VFS_OP_KERNEL_FLOCK,
154 SMB_VFS_OP_LINUX_SETLEASE,
156 SMB_VFS_OP_SYMLINKAT,
157 SMB_VFS_OP_READLINKAT,
162 SMB_VFS_OP_FILE_ID_CREATE,
163 SMB_VFS_OP_FS_FILE_ID,
164 SMB_VFS_OP_STREAMINFO,
165 SMB_VFS_OP_GET_REAL_FILENAME,
166 SMB_VFS_OP_CONNECTPATH,
167 SMB_VFS_OP_BRL_LOCK_WINDOWS,
168 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
169 SMB_VFS_OP_STRICT_LOCK_CHECK,
170 SMB_VFS_OP_TRANSLATE_NAME,
172 SMB_VFS_OP_OFFLOAD_READ_SEND,
173 SMB_VFS_OP_OFFLOAD_READ_RECV,
174 SMB_VFS_OP_OFFLOAD_WRITE_SEND,
175 SMB_VFS_OP_OFFLOAD_WRITE_RECV,
176 SMB_VFS_OP_GET_COMPRESSION,
177 SMB_VFS_OP_SET_COMPRESSION,
178 SMB_VFS_OP_SNAP_CHECK_PATH,
179 SMB_VFS_OP_SNAP_CREATE,
180 SMB_VFS_OP_SNAP_DELETE,
182 /* DOS attribute operations. */
183 SMB_VFS_OP_GET_DOS_ATTRIBUTES,
184 SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
185 SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
186 SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
187 SMB_VFS_OP_SET_DOS_ATTRIBUTES,
188 SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
190 /* NT ACL operations. */
192 SMB_VFS_OP_FGET_NT_ACL,
193 SMB_VFS_OP_GET_NT_ACL,
194 SMB_VFS_OP_FSET_NT_ACL,
195 SMB_VFS_OP_AUDIT_FILE,
197 /* POSIX ACL operations. */
199 SMB_VFS_OP_SYS_ACL_GET_FILE,
200 SMB_VFS_OP_SYS_ACL_GET_FD,
201 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
202 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
203 SMB_VFS_OP_SYS_ACL_SET_FILE,
204 SMB_VFS_OP_SYS_ACL_SET_FD,
205 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
209 SMB_VFS_OP_GETXATTRAT_SEND,
210 SMB_VFS_OP_GETXATTRAT_RECV,
211 SMB_VFS_OP_FGETXATTR,
212 SMB_VFS_OP_LISTXATTR,
213 SMB_VFS_OP_FLISTXATTR,
214 SMB_VFS_OP_REMOVEXATTR,
215 SMB_VFS_OP_FREMOVEXATTR,
217 SMB_VFS_OP_FSETXATTR,
220 SMB_VFS_OP_AIO_FORCE,
222 /* offline operations */
223 SMB_VFS_OP_IS_OFFLINE,
224 SMB_VFS_OP_SET_OFFLINE,
226 /* Durable handle operations. */
227 SMB_VFS_OP_DURABLE_COOKIE,
228 SMB_VFS_OP_DURABLE_DISCONNECT,
229 SMB_VFS_OP_DURABLE_RECONNECT,
231 SMB_VFS_OP_READDIR_ATTR,
233 /* This should always be last enum value */
238 /* The following array *must* be in the same order as defined in vfs_op_type */
244 { SMB_VFS_OP_CONNECT, "connect" },
245 { SMB_VFS_OP_DISCONNECT, "disconnect" },
246 { SMB_VFS_OP_DISK_FREE, "disk_free" },
247 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
248 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
249 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
250 { SMB_VFS_OP_STATVFS, "statvfs" },
251 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
252 { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" },
253 { SMB_VFS_OP_CREATE_DFS_PATHAT, "create_dfs_pathat" },
254 { SMB_VFS_OP_READ_DFS_PATHAT, "read_dfs_pathat" },
255 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
256 { SMB_VFS_OP_READDIR, "readdir" },
257 { SMB_VFS_OP_SEEKDIR, "seekdir" },
258 { SMB_VFS_OP_TELLDIR, "telldir" },
259 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
260 { SMB_VFS_OP_MKDIRAT, "mkdirat" },
261 { SMB_VFS_OP_CLOSEDIR, "closedir" },
262 { SMB_VFS_OP_OPEN, "open" },
263 { SMB_VFS_OP_CREATE_FILE, "create_file" },
264 { SMB_VFS_OP_CLOSE, "close" },
265 { SMB_VFS_OP_READ, "read" },
266 { SMB_VFS_OP_PREAD, "pread" },
267 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
268 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
269 { SMB_VFS_OP_WRITE, "write" },
270 { SMB_VFS_OP_PWRITE, "pwrite" },
271 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
272 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
273 { SMB_VFS_OP_LSEEK, "lseek" },
274 { SMB_VFS_OP_SENDFILE, "sendfile" },
275 { SMB_VFS_OP_RECVFILE, "recvfile" },
276 { SMB_VFS_OP_RENAMEAT, "renameat" },
277 { SMB_VFS_OP_FSYNC, "fsync" },
278 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
279 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
280 { SMB_VFS_OP_STAT, "stat" },
281 { SMB_VFS_OP_FSTAT, "fstat" },
282 { SMB_VFS_OP_LSTAT, "lstat" },
283 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
284 { SMB_VFS_OP_UNLINKAT, "unlinkat" },
285 { SMB_VFS_OP_CHMOD, "chmod" },
286 { SMB_VFS_OP_FCHMOD, "fchmod" },
287 { SMB_VFS_OP_FCHOWN, "fchown" },
288 { SMB_VFS_OP_LCHOWN, "lchown" },
289 { SMB_VFS_OP_CHDIR, "chdir" },
290 { SMB_VFS_OP_GETWD, "getwd" },
291 { SMB_VFS_OP_NTIMES, "ntimes" },
292 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
293 { SMB_VFS_OP_FALLOCATE,"fallocate" },
294 { SMB_VFS_OP_LOCK, "lock" },
295 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
296 { SMB_VFS_OP_FCNTL, "fcntl" },
297 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
298 { SMB_VFS_OP_GETLOCK, "getlock" },
299 { SMB_VFS_OP_SYMLINKAT, "symlinkat" },
300 { SMB_VFS_OP_READLINKAT,"readlinkat" },
301 { SMB_VFS_OP_LINKAT, "linkat" },
302 { SMB_VFS_OP_MKNODAT, "mknodat" },
303 { SMB_VFS_OP_REALPATH, "realpath" },
304 { SMB_VFS_OP_CHFLAGS, "chflags" },
305 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
306 { SMB_VFS_OP_FS_FILE_ID, "fs_file_id" },
307 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
308 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
309 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
310 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
311 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
312 { SMB_VFS_OP_STRICT_LOCK_CHECK, "strict_lock_check" },
313 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
314 { SMB_VFS_OP_FSCTL, "fsctl" },
315 { SMB_VFS_OP_OFFLOAD_READ_SEND, "offload_read_send" },
316 { SMB_VFS_OP_OFFLOAD_READ_RECV, "offload_read_recv" },
317 { SMB_VFS_OP_OFFLOAD_WRITE_SEND, "offload_write_send" },
318 { SMB_VFS_OP_OFFLOAD_WRITE_RECV, "offload_write_recv" },
319 { SMB_VFS_OP_GET_COMPRESSION, "get_compression" },
320 { SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
321 { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
322 { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
323 { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
324 { SMB_VFS_OP_GET_DOS_ATTRIBUTES, "get_dos_attributes" },
325 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, "get_dos_attributes_send" },
326 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, "get_dos_attributes_recv" },
327 { SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" },
328 { SMB_VFS_OP_SET_DOS_ATTRIBUTES, "set_dos_attributes" },
329 { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" },
330 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
331 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
332 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
333 { SMB_VFS_OP_AUDIT_FILE, "audit_file" },
334 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
335 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
336 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
337 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
338 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
339 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
340 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
341 { SMB_VFS_OP_GETXATTR, "getxattr" },
342 { SMB_VFS_OP_GETXATTRAT_SEND, "getxattrat_send" },
343 { SMB_VFS_OP_GETXATTRAT_RECV, "getxattrat_recv" },
344 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
345 { SMB_VFS_OP_LISTXATTR, "listxattr" },
346 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
347 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
348 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
349 { SMB_VFS_OP_SETXATTR, "setxattr" },
350 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
351 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
352 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
353 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
354 { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" },
355 { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
356 { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
357 { SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
358 { SMB_VFS_OP_LAST, NULL }
361 static int audit_syslog_facility(vfs_handle_struct *handle)
363 static const struct enum_list enum_log_facilities[] = {
365 { LOG_AUTH, "AUTH" },
368 { LOG_AUTHPRIV, "AUTHPRIV" },
371 { LOG_AUDIT, "AUDIT" },
374 { LOG_CONSOLE, "CONSOLE" },
377 { LOG_CRON, "CRON" },
380 { LOG_DAEMON, "DAEMON" },
386 { LOG_INSTALL, "INSTALL" },
389 { LOG_KERN, "KERN" },
392 { LOG_LAUNCHD, "LAUNCHD" },
395 { LOG_LFMT, "LFMT" },
401 { LOG_MAIL, "MAIL" },
404 { LOG_MEGASAFE, "MEGASAFE" },
407 { LOG_NETINFO, "NETINFO" },
410 { LOG_NEWS, "NEWS" },
412 #ifdef LOG_NFACILITIES
413 { LOG_NFACILITIES, "NFACILITIES" },
421 #ifdef LOG_REMOTEAUTH
422 { LOG_REMOTEAUTH, "REMOTEAUTH" },
425 { LOG_SECURITY, "SECURITY" },
428 { LOG_SYSLOG, "SYSLOG" },
431 { LOG_USER, "USER" },
434 { LOG_UUCP, "UUCP" },
436 { LOG_LOCAL0, "LOCAL0" },
437 { LOG_LOCAL1, "LOCAL1" },
438 { LOG_LOCAL2, "LOCAL2" },
439 { LOG_LOCAL3, "LOCAL3" },
440 { LOG_LOCAL4, "LOCAL4" },
441 { LOG_LOCAL5, "LOCAL5" },
442 { LOG_LOCAL6, "LOCAL6" },
443 { LOG_LOCAL7, "LOCAL7" },
449 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
454 static int audit_syslog_priority(vfs_handle_struct *handle)
456 static const struct enum_list enum_log_priorities[] = {
457 { LOG_EMERG, "EMERG" },
458 { LOG_ALERT, "ALERT" },
459 { LOG_CRIT, "CRIT" },
461 { LOG_WARNING, "WARNING" },
462 { LOG_NOTICE, "NOTICE" },
463 { LOG_INFO, "INFO" },
464 { LOG_DEBUG, "DEBUG" },
470 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
471 enum_log_priorities, LOG_NOTICE);
472 if (priority == -1) {
473 priority = LOG_WARNING;
479 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
481 const struct loadparm_substitution *lp_sub =
482 loadparm_s3_global_substitution();
486 prefix = talloc_strdup(ctx,
487 lp_parm_const_string(SNUM(conn), "full_audit",
492 result = talloc_sub_full(ctx,
493 lp_servicename(talloc_tos(), lp_sub, SNUM(conn)),
494 conn->session_info->unix_info->unix_name,
496 conn->session_info->unix_token->gid,
497 conn->session_info->unix_info->sanitized_username,
498 conn->session_info->info->domain_name,
504 static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op)
506 if (pd->success_ops == NULL) {
510 return bitmap_query(pd->success_ops, op);
513 static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op)
515 if (pd->failure_ops == NULL)
518 return bitmap_query(pd->failure_ops, op);
521 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
529 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
531 DEBUG(0, ("Could not alloc bitmap -- "
532 "defaulting to logging everything\n"));
536 for (; *ops != NULL; ops += 1) {
541 if (strequal(*ops, "all")) {
542 for (i=0; i<SMB_VFS_OP_LAST; i++) {
548 if (strequal(*ops, "none")) {
558 for (i=0; i<SMB_VFS_OP_LAST; i++) {
559 if ((vfs_op_names[i].name == NULL)
560 || (vfs_op_names[i].type != i)) {
561 smb_panic("vfs_full_audit.c: name table not "
562 "in sync with vfs_op_type enums\n");
564 if (strequal(op, vfs_op_names[i].name)) {
573 if (i == SMB_VFS_OP_LAST) {
574 DEBUG(0, ("Could not find opname %s, logging all\n",
583 static const char *audit_opname(vfs_op_type op)
585 if (op >= SMB_VFS_OP_LAST)
586 return "INVALID VFS OP";
587 return vfs_op_names[op].name;
590 static TALLOC_CTX *tmp_do_log_ctx;
592 * Get us a temporary talloc context usable just for DEBUG arguments
594 static TALLOC_CTX *do_log_ctx(void)
596 if (tmp_do_log_ctx == NULL) {
597 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
599 return tmp_do_log_ctx;
602 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
603 const char *format, ...) PRINTF_ATTRIBUTE(4, 5);
605 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
606 const char *format, ...)
608 struct vfs_full_audit_private_data *pd;
610 char *audit_pre = NULL;
614 SMB_VFS_HANDLE_GET_DATA(handle, pd,
615 struct vfs_full_audit_private_data,
618 if (success && (!log_success(pd, op)))
621 if (!success && (!log_failure(pd, op)))
625 fstrcpy(err_msg, "ok");
627 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
629 va_start(ap, format);
630 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
637 audit_pre = audit_prefix(talloc_tos(), handle->conn);
643 * Specify the facility to interoperate with other syslog
644 * callers (smbd for example).
646 priority = pd->syslog_priority | pd->syslog_facility;
648 syslog(priority, "%s|%s|%s|%s\n",
649 audit_pre ? audit_pre : "",
650 audit_opname(op), err_msg, op_msg);
652 DEBUG(1, ("%s|%s|%s|%s\n",
653 audit_pre ? audit_pre : "",
654 audit_opname(op), err_msg, op_msg));
657 TALLOC_FREE(audit_pre);
659 TALLOC_FREE(tmp_do_log_ctx);
663 * Return a string using the do_log_ctx()
665 static const char *smb_fname_str_do_log(struct connection_struct *conn,
666 const struct smb_filename *smb_fname)
671 if (smb_fname == NULL) {
675 if (smb_fname->base_name[0] != '/') {
676 char *abs_name = NULL;
677 struct smb_filename *fname_copy = cp_smb_filename(
680 if (fname_copy == NULL) {
684 if (!ISDOT(smb_fname->base_name)) {
685 abs_name = talloc_asprintf(do_log_ctx(),
687 conn->cwd_fsp->fsp_name->base_name,
688 smb_fname->base_name);
690 abs_name = talloc_strdup(do_log_ctx(),
691 conn->cwd_fsp->fsp_name->base_name);
693 if (abs_name == NULL) {
696 fname_copy->base_name = abs_name;
697 smb_fname = fname_copy;
700 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
701 if (!NT_STATUS_IS_OK(status)) {
708 * Return an fsp debug string using the do_log_ctx()
710 static const char *fsp_str_do_log(const struct files_struct *fsp)
712 return smb_fname_str_do_log(fsp->conn, fsp->fsp_name);
715 /* Implementation of vfs_ops. Pass everything on to the default
716 operation but log event first. */
718 static int smb_full_audit_connect(vfs_handle_struct *handle,
719 const char *svc, const char *user)
722 const char *none[] = { "none" };
723 struct vfs_full_audit_private_data *pd = NULL;
725 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
730 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
732 SMB_VFS_NEXT_DISCONNECT(handle);
736 pd->syslog_facility = audit_syslog_facility(handle);
737 if (pd->syslog_facility == -1) {
738 DEBUG(1, ("%s: Unknown facility %s\n", __func__,
739 lp_parm_const_string(SNUM(handle->conn),
740 "full_audit", "facility",
742 SMB_VFS_NEXT_DISCONNECT(handle);
746 pd->syslog_priority = audit_syslog_priority(handle);
748 pd->log_secdesc = lp_parm_bool(SNUM(handle->conn),
749 "full_audit", "log_secdesc", false);
751 pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
752 "full_audit", "syslog", true);
756 openlog("smbd_audit", 0, pd->syslog_facility);
760 pd->success_ops = init_bitmap(
761 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
763 pd->failure_ops = init_bitmap(
764 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
767 /* Store the private data. */
768 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
769 struct vfs_full_audit_private_data, return -1);
771 do_log(SMB_VFS_OP_CONNECT, True, handle,
777 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
779 const struct loadparm_substitution *lp_sub =
780 loadparm_s3_global_substitution();
782 SMB_VFS_NEXT_DISCONNECT(handle);
784 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
785 "%s", lp_servicename(talloc_tos(), lp_sub, SNUM(handle->conn)));
787 /* The bitmaps will be disconnected when the private
791 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
792 const struct smb_filename *smb_fname,
799 result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize);
801 /* Don't have a reasonable notion of failure here */
803 do_log(SMB_VFS_OP_DISK_FREE,
807 smb_fname_str_do_log(handle->conn, smb_fname));
812 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
813 const struct smb_filename *smb_fname,
814 enum SMB_QUOTA_TYPE qtype,
820 result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt);
822 do_log(SMB_VFS_OP_GET_QUOTA,
826 smb_fname_str_do_log(handle->conn, smb_fname));
831 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
832 enum SMB_QUOTA_TYPE qtype, unid_t id,
837 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
839 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
844 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
845 struct files_struct *fsp,
846 struct shadow_copy_data *shadow_copy_data,
851 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
853 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
858 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
859 const struct smb_filename *smb_fname,
860 struct vfs_statvfs_struct *statbuf)
864 result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf);
866 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
871 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
875 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
877 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
882 static NTSTATUS smb_full_audit_get_dfs_referrals(
883 struct vfs_handle_struct *handle,
884 struct dfs_GetDFSReferral *r)
888 status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
890 do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status),
896 static NTSTATUS smb_full_audit_create_dfs_pathat(struct vfs_handle_struct *handle,
897 struct files_struct *dirfsp,
898 const struct smb_filename *smb_fname,
899 const struct referral *reflist,
900 size_t referral_count)
904 status = SMB_VFS_NEXT_CREATE_DFS_PATHAT(handle,
910 do_log(SMB_VFS_OP_CREATE_DFS_PATHAT,
911 NT_STATUS_IS_OK(status),
914 smb_fname_str_do_log(handle->conn, smb_fname));
919 static NTSTATUS smb_full_audit_read_dfs_pathat(struct vfs_handle_struct *handle,
921 struct files_struct *dirfsp,
922 const struct smb_filename *smb_fname,
923 struct referral **ppreflist,
924 size_t *preferral_count)
928 status = SMB_VFS_NEXT_READ_DFS_PATHAT(handle,
935 do_log(SMB_VFS_OP_READ_DFS_PATHAT,
936 NT_STATUS_IS_OK(status),
939 smb_fname_str_do_log(handle->conn, smb_fname));
944 static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle,
946 const char *service_path,
951 status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path,
953 do_log(SMB_VFS_OP_SNAP_CHECK_PATH, NT_STATUS_IS_OK(status),
959 static NTSTATUS smb_full_audit_snap_create(struct vfs_handle_struct *handle,
961 const char *base_volume,
969 status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp,
970 rw, base_path, snap_path);
971 do_log(SMB_VFS_OP_SNAP_CREATE, NT_STATUS_IS_OK(status), handle, "");
976 static NTSTATUS smb_full_audit_snap_delete(struct vfs_handle_struct *handle,
983 status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path,
985 do_log(SMB_VFS_OP_SNAP_DELETE, NT_STATUS_IS_OK(status), handle, "");
990 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
991 files_struct *fsp, const char *mask, uint32_t attr)
995 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
997 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
998 fsp_str_do_log(fsp));
1003 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
1004 DIR *dirp, SMB_STRUCT_STAT *sbuf)
1006 struct dirent *result;
1008 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
1010 /* This operation has no reasonable error condition
1011 * (End of dir is also failure), so always succeed.
1013 do_log(SMB_VFS_OP_READDIR, True, handle, "");
1018 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
1019 DIR *dirp, long offset)
1021 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
1023 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
1026 static long smb_full_audit_telldir(vfs_handle_struct *handle,
1031 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
1033 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1038 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1041 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1043 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1046 static int smb_full_audit_mkdirat(vfs_handle_struct *handle,
1047 struct files_struct *dirfsp,
1048 const struct smb_filename *smb_fname,
1053 result = SMB_VFS_NEXT_MKDIRAT(handle,
1058 do_log(SMB_VFS_OP_MKDIRAT,
1062 smb_fname_str_do_log(handle->conn, smb_fname));
1067 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1072 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1074 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1079 static int smb_full_audit_open(vfs_handle_struct *handle,
1080 struct smb_filename *smb_fname,
1081 files_struct *fsp, int flags, mode_t mode)
1085 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
1087 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
1088 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1089 smb_fname_str_do_log(handle->conn, smb_fname));
1094 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
1095 struct smb_request *req,
1096 uint16_t root_dir_fid,
1097 struct smb_filename *smb_fname,
1098 uint32_t access_mask,
1099 uint32_t share_access,
1100 uint32_t create_disposition,
1101 uint32_t create_options,
1102 uint32_t file_attributes,
1103 uint32_t oplock_request,
1104 const struct smb2_lease *lease,
1105 uint64_t allocation_size,
1106 uint32_t private_flags,
1107 struct security_descriptor *sd,
1108 struct ea_list *ea_list,
1109 files_struct **result_fsp,
1111 const struct smb2_create_blobs *in_context_blobs,
1112 struct smb2_create_blobs *out_context_blobs)
1115 const char* str_create_disposition;
1117 switch (create_disposition) {
1118 case FILE_SUPERSEDE:
1119 str_create_disposition = "supersede";
1121 case FILE_OVERWRITE_IF:
1122 str_create_disposition = "overwrite_if";
1125 str_create_disposition = "open";
1127 case FILE_OVERWRITE:
1128 str_create_disposition = "overwrite";
1131 str_create_disposition = "create";
1134 str_create_disposition = "open_if";
1137 str_create_disposition = "unknown";
1140 result = SMB_VFS_NEXT_CREATE_FILE(
1141 handle, /* handle */
1143 root_dir_fid, /* root_dir_fid */
1144 smb_fname, /* fname */
1145 access_mask, /* access_mask */
1146 share_access, /* share_access */
1147 create_disposition, /* create_disposition*/
1148 create_options, /* create_options */
1149 file_attributes, /* file_attributes */
1150 oplock_request, /* oplock_request */
1152 allocation_size, /* allocation_size */
1155 ea_list, /* ea_list */
1156 result_fsp, /* result */
1158 in_context_blobs, out_context_blobs); /* create context */
1160 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
1161 "0x%x|%s|%s|%s", access_mask,
1162 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
1163 str_create_disposition,
1164 smb_fname_str_do_log(handle->conn, smb_fname));
1169 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1173 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1175 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
1176 fsp_str_do_log(fsp));
1181 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1182 void *data, size_t n, off_t offset)
1186 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1188 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
1189 fsp_str_do_log(fsp));
1194 struct smb_full_audit_pread_state {
1195 vfs_handle_struct *handle;
1198 struct vfs_aio_state vfs_aio_state;
1201 static void smb_full_audit_pread_done(struct tevent_req *subreq);
1203 static struct tevent_req *smb_full_audit_pread_send(
1204 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1205 struct tevent_context *ev, struct files_struct *fsp,
1206 void *data, size_t n, off_t offset)
1208 struct tevent_req *req, *subreq;
1209 struct smb_full_audit_pread_state *state;
1211 req = tevent_req_create(mem_ctx, &state,
1212 struct smb_full_audit_pread_state);
1214 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1215 fsp_str_do_log(fsp));
1218 state->handle = handle;
1221 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
1223 if (tevent_req_nomem(subreq, req)) {
1224 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1225 fsp_str_do_log(fsp));
1226 return tevent_req_post(req, ev);
1228 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
1230 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1234 static void smb_full_audit_pread_done(struct tevent_req *subreq)
1236 struct tevent_req *req = tevent_req_callback_data(
1237 subreq, struct tevent_req);
1238 struct smb_full_audit_pread_state *state = tevent_req_data(
1239 req, struct smb_full_audit_pread_state);
1241 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
1242 TALLOC_FREE(subreq);
1243 tevent_req_done(req);
1246 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req,
1247 struct vfs_aio_state *vfs_aio_state)
1249 struct smb_full_audit_pread_state *state = tevent_req_data(
1250 req, struct smb_full_audit_pread_state);
1252 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1253 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
1254 fsp_str_do_log(state->fsp));
1258 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
1259 fsp_str_do_log(state->fsp));
1261 *vfs_aio_state = state->vfs_aio_state;
1265 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1266 const void *data, size_t n,
1271 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1273 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1274 fsp_str_do_log(fsp));
1279 struct smb_full_audit_pwrite_state {
1280 vfs_handle_struct *handle;
1283 struct vfs_aio_state vfs_aio_state;
1286 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1288 static struct tevent_req *smb_full_audit_pwrite_send(
1289 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1290 struct tevent_context *ev, struct files_struct *fsp,
1291 const void *data, size_t n, off_t offset)
1293 struct tevent_req *req, *subreq;
1294 struct smb_full_audit_pwrite_state *state;
1296 req = tevent_req_create(mem_ctx, &state,
1297 struct smb_full_audit_pwrite_state);
1299 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1300 fsp_str_do_log(fsp));
1303 state->handle = handle;
1306 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1308 if (tevent_req_nomem(subreq, req)) {
1309 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1310 fsp_str_do_log(fsp));
1311 return tevent_req_post(req, ev);
1313 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1315 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1316 fsp_str_do_log(fsp));
1320 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1322 struct tevent_req *req = tevent_req_callback_data(
1323 subreq, struct tevent_req);
1324 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1325 req, struct smb_full_audit_pwrite_state);
1327 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
1328 TALLOC_FREE(subreq);
1329 tevent_req_done(req);
1332 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req,
1333 struct vfs_aio_state *vfs_aio_state)
1335 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1336 req, struct smb_full_audit_pwrite_state);
1338 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1339 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1340 fsp_str_do_log(state->fsp));
1344 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1345 fsp_str_do_log(state->fsp));
1347 *vfs_aio_state = state->vfs_aio_state;
1351 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1352 off_t offset, int whence)
1356 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1358 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1359 "%s", fsp_str_do_log(fsp));
1364 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1365 files_struct *fromfsp,
1366 const DATA_BLOB *hdr, off_t offset,
1371 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1373 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1374 "%s", fsp_str_do_log(fromfsp));
1379 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1380 files_struct *tofsp,
1386 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1388 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1389 "%s", fsp_str_do_log(tofsp));
1394 static int smb_full_audit_renameat(vfs_handle_struct *handle,
1395 files_struct *srcfsp,
1396 const struct smb_filename *smb_fname_src,
1397 files_struct *dstfsp,
1398 const struct smb_filename *smb_fname_dst)
1402 result = SMB_VFS_NEXT_RENAMEAT(handle,
1408 do_log(SMB_VFS_OP_RENAMEAT, (result >= 0), handle, "%s|%s",
1409 smb_fname_str_do_log(handle->conn, smb_fname_src),
1410 smb_fname_str_do_log(handle->conn, smb_fname_dst));
1415 struct smb_full_audit_fsync_state {
1416 vfs_handle_struct *handle;
1419 struct vfs_aio_state vfs_aio_state;
1422 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1424 static struct tevent_req *smb_full_audit_fsync_send(
1425 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1426 struct tevent_context *ev, struct files_struct *fsp)
1428 struct tevent_req *req, *subreq;
1429 struct smb_full_audit_fsync_state *state;
1431 req = tevent_req_create(mem_ctx, &state,
1432 struct smb_full_audit_fsync_state);
1434 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1435 fsp_str_do_log(fsp));
1438 state->handle = handle;
1441 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1442 if (tevent_req_nomem(subreq, req)) {
1443 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1444 fsp_str_do_log(fsp));
1445 return tevent_req_post(req, ev);
1447 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1449 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1453 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1455 struct tevent_req *req = tevent_req_callback_data(
1456 subreq, struct tevent_req);
1457 struct smb_full_audit_fsync_state *state = tevent_req_data(
1458 req, struct smb_full_audit_fsync_state);
1460 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
1461 TALLOC_FREE(subreq);
1462 tevent_req_done(req);
1465 static int smb_full_audit_fsync_recv(struct tevent_req *req,
1466 struct vfs_aio_state *vfs_aio_state)
1468 struct smb_full_audit_fsync_state *state = tevent_req_data(
1469 req, struct smb_full_audit_fsync_state);
1471 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1472 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1473 fsp_str_do_log(state->fsp));
1477 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1478 fsp_str_do_log(state->fsp));
1480 *vfs_aio_state = state->vfs_aio_state;
1484 static int smb_full_audit_stat(vfs_handle_struct *handle,
1485 struct smb_filename *smb_fname)
1489 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1491 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1492 smb_fname_str_do_log(handle->conn, smb_fname));
1497 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1498 SMB_STRUCT_STAT *sbuf)
1502 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1504 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1505 fsp_str_do_log(fsp));
1510 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1511 struct smb_filename *smb_fname)
1515 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1517 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1518 smb_fname_str_do_log(handle->conn, smb_fname));
1523 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1524 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1528 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1530 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1531 "%llu", (unsigned long long)result);
1536 static int smb_full_audit_unlinkat(vfs_handle_struct *handle,
1537 struct files_struct *dirfsp,
1538 const struct smb_filename *smb_fname,
1543 result = SMB_VFS_NEXT_UNLINKAT(handle,
1548 do_log(SMB_VFS_OP_UNLINKAT, (result >= 0), handle, "%s",
1549 smb_fname_str_do_log(handle->conn, smb_fname));
1554 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1555 const struct smb_filename *smb_fname,
1560 result = SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
1562 do_log(SMB_VFS_OP_CHMOD,
1566 smb_fname_str_do_log(handle->conn, smb_fname),
1572 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1577 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1579 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1580 "%s|%o", fsp_str_do_log(fsp), mode);
1585 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1586 uid_t uid, gid_t gid)
1590 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1592 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1593 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1598 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1599 const struct smb_filename *smb_fname,
1605 result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
1607 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1608 smb_fname->base_name, (long int)uid, (long int)gid);
1613 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1614 const struct smb_filename *smb_fname)
1618 result = SMB_VFS_NEXT_CHDIR(handle, smb_fname);
1620 do_log(SMB_VFS_OP_CHDIR,
1624 smb_fname_str_do_log(handle->conn, smb_fname));
1629 static struct smb_filename *smb_full_audit_getwd(vfs_handle_struct *handle,
1632 struct smb_filename *result;
1634 result = SMB_VFS_NEXT_GETWD(handle, ctx);
1636 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1637 result == NULL? "" : result->base_name);
1642 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1643 const struct smb_filename *smb_fname,
1644 struct smb_file_time *ft)
1647 time_t create_time = convert_timespec_to_time_t(ft->create_time);
1648 time_t atime = convert_timespec_to_time_t(ft->atime);
1649 time_t mtime = convert_timespec_to_time_t(ft->mtime);
1650 time_t ctime = convert_timespec_to_time_t(ft->ctime);
1651 const char *create_time_str = "";
1652 const char *atime_str = "";
1653 const char *mtime_str = "";
1654 const char *ctime_str = "";
1655 TALLOC_CTX *frame = talloc_stackframe();
1657 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1659 if (create_time > 0) {
1660 create_time_str = timestring(frame, create_time);
1663 atime_str = timestring(frame, atime);
1666 mtime_str = timestring(frame, mtime);
1669 ctime_str = timestring(frame, ctime);
1672 do_log(SMB_VFS_OP_NTIMES,
1676 smb_fname_str_do_log(handle->conn, smb_fname),
1687 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1692 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1694 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1695 "%s", fsp_str_do_log(fsp));
1700 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1707 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1709 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1710 "%s", fsp_str_do_log(fsp));
1715 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1716 int op, off_t offset, off_t count, int type)
1720 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1722 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1727 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1728 struct files_struct *fsp,
1729 uint32_t share_access,
1730 uint32_t access_mask)
1734 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle,
1739 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1740 fsp_str_do_log(fsp));
1745 static int smb_full_audit_fcntl(struct vfs_handle_struct *handle,
1746 struct files_struct *fsp,
1747 int cmd, va_list cmd_arg)
1750 va_list dup_cmd_arg;
1753 va_copy(dup_cmd_arg, cmd_arg);
1754 arg = va_arg(dup_cmd_arg, void *);
1755 result = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg);
1756 va_end(dup_cmd_arg);
1758 do_log(SMB_VFS_OP_FCNTL, (result >= 0), handle, "%s",
1759 fsp_str_do_log(fsp));
1764 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1769 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1771 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1772 fsp_str_do_log(fsp));
1777 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1778 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1782 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1784 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1789 static int smb_full_audit_symlinkat(vfs_handle_struct *handle,
1790 const struct smb_filename *link_contents,
1791 struct files_struct *dirfsp,
1792 const struct smb_filename *new_smb_fname)
1796 result = SMB_VFS_NEXT_SYMLINKAT(handle,
1801 do_log(SMB_VFS_OP_SYMLINKAT,
1805 link_contents->base_name,
1806 smb_fname_str_do_log(handle->conn, new_smb_fname));
1811 static int smb_full_audit_readlinkat(vfs_handle_struct *handle,
1812 files_struct *dirfsp,
1813 const struct smb_filename *smb_fname,
1819 result = SMB_VFS_NEXT_READLINKAT(handle,
1825 do_log(SMB_VFS_OP_READLINKAT,
1829 smb_fname_str_do_log(handle->conn, smb_fname));
1834 static int smb_full_audit_linkat(vfs_handle_struct *handle,
1835 files_struct *srcfsp,
1836 const struct smb_filename *old_smb_fname,
1837 files_struct *dstfsp,
1838 const struct smb_filename *new_smb_fname,
1843 result = SMB_VFS_NEXT_LINKAT(handle,
1850 do_log(SMB_VFS_OP_LINKAT,
1854 smb_fname_str_do_log(handle->conn, old_smb_fname),
1855 smb_fname_str_do_log(handle->conn, new_smb_fname));
1860 static int smb_full_audit_mknodat(vfs_handle_struct *handle,
1861 files_struct *dirfsp,
1862 const struct smb_filename *smb_fname,
1868 result = SMB_VFS_NEXT_MKNODAT(handle,
1874 do_log(SMB_VFS_OP_MKNODAT,
1878 smb_fname_str_do_log(handle->conn, smb_fname));
1883 static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle,
1885 const struct smb_filename *smb_fname)
1887 struct smb_filename *result_fname = NULL;
1889 result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname);
1891 do_log(SMB_VFS_OP_REALPATH,
1892 (result_fname != NULL),
1895 smb_fname_str_do_log(handle->conn, smb_fname));
1897 return result_fname;
1900 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1901 const struct smb_filename *smb_fname,
1906 result = SMB_VFS_NEXT_CHFLAGS(handle, smb_fname, flags);
1908 do_log(SMB_VFS_OP_CHFLAGS,
1912 smb_fname_str_do_log(handle->conn, smb_fname));
1917 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1918 const SMB_STRUCT_STAT *sbuf)
1920 struct file_id id_zero = { 0 };
1921 struct file_id result;
1922 struct file_id_buf idbuf;
1924 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1926 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1927 !file_id_equal(&id_zero, &result),
1930 file_id_str_buf(result, &idbuf));
1935 static uint64_t smb_full_audit_fs_file_id(struct vfs_handle_struct *handle,
1936 const SMB_STRUCT_STAT *sbuf)
1940 result = SMB_VFS_NEXT_FS_FILE_ID(handle, sbuf);
1942 do_log(SMB_VFS_OP_FS_FILE_ID,
1944 handle, "%" PRIu64, result);
1949 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1950 struct files_struct *fsp,
1951 const struct smb_filename *smb_fname,
1952 TALLOC_CTX *mem_ctx,
1953 unsigned int *pnum_streams,
1954 struct stream_struct **pstreams)
1958 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, smb_fname, mem_ctx,
1959 pnum_streams, pstreams);
1961 do_log(SMB_VFS_OP_STREAMINFO,
1962 NT_STATUS_IS_OK(result),
1965 smb_fname_str_do_log(handle->conn, smb_fname));
1970 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1971 const struct smb_filename *path,
1973 TALLOC_CTX *mem_ctx,
1978 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1981 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1983 path->base_name, name, (result == 0) ? *found_name : "");
1988 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1989 const struct smb_filename *smb_fname)
1993 result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname);
1995 do_log(SMB_VFS_OP_CONNECTPATH,
1999 smb_fname_str_do_log(handle->conn, smb_fname));
2004 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
2005 struct byte_range_lock *br_lck,
2006 struct lock_struct *plock)
2010 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock);
2012 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
2013 "%s:%llu-%llu. type=%d.",
2014 fsp_str_do_log(brl_fsp(br_lck)),
2015 (unsigned long long)plock->start,
2016 (unsigned long long)plock->size,
2022 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
2023 struct byte_range_lock *br_lck,
2024 const struct lock_struct *plock)
2028 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, br_lck, plock);
2030 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
2031 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
2032 (unsigned long long)plock->start,
2033 (unsigned long long)plock->size,
2039 static bool smb_full_audit_strict_lock_check(struct vfs_handle_struct *handle,
2040 struct files_struct *fsp,
2041 struct lock_struct *plock)
2045 result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock);
2047 do_log(SMB_VFS_OP_STRICT_LOCK_CHECK, result, handle,
2048 "%s:%llu-%llu:%d", fsp_str_do_log(fsp),
2049 (unsigned long long)plock->start,
2050 (unsigned long long)plock->size,
2056 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
2058 enum vfs_translate_direction direction,
2059 TALLOC_CTX *mem_ctx,
2064 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
2067 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
2072 static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle,
2073 struct files_struct *fsp,
2077 const uint8_t *_in_data,
2079 uint8_t **_out_data,
2080 uint32_t max_out_len,
2085 result = SMB_VFS_NEXT_FSCTL(handle,
2096 do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, "");
2101 static struct tevent_req *smb_full_audit_offload_read_send(
2102 TALLOC_CTX *mem_ctx,
2103 struct tevent_context *ev,
2104 struct vfs_handle_struct *handle,
2105 struct files_struct *fsp,
2111 struct tevent_req *req = NULL;
2113 req = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev, handle, fsp,
2114 fsctl, ttl, offset, to_copy);
2116 do_log(SMB_VFS_OP_OFFLOAD_READ_SEND, req, handle, "");
2121 static NTSTATUS smb_full_audit_offload_read_recv(
2122 struct tevent_req *req,
2123 struct vfs_handle_struct *handle,
2124 TALLOC_CTX *mem_ctx,
2125 DATA_BLOB *_token_blob)
2129 status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(req, handle, mem_ctx,
2132 do_log(SMB_VFS_OP_OFFLOAD_READ_RECV, NT_STATUS_IS_OK(status), handle, "");
2137 static struct tevent_req *smb_full_audit_offload_write_send(struct vfs_handle_struct *handle,
2138 TALLOC_CTX *mem_ctx,
2139 struct tevent_context *ev,
2142 off_t transfer_offset,
2143 struct files_struct *dest_fsp,
2147 struct tevent_req *req;
2149 req = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, mem_ctx, ev,
2150 fsctl, token, transfer_offset,
2151 dest_fsp, dest_off, num);
2153 do_log(SMB_VFS_OP_OFFLOAD_WRITE_SEND, req, handle, "");
2158 static NTSTATUS smb_full_audit_offload_write_recv(struct vfs_handle_struct *handle,
2159 struct tevent_req *req,
2164 result = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(handle, req, copied);
2166 do_log(SMB_VFS_OP_OFFLOAD_WRITE_RECV, NT_STATUS_IS_OK(result), handle, "");
2171 static NTSTATUS smb_full_audit_get_compression(vfs_handle_struct *handle,
2172 TALLOC_CTX *mem_ctx,
2173 struct files_struct *fsp,
2174 struct smb_filename *smb_fname,
2175 uint16_t *_compression_fmt)
2179 result = SMB_VFS_NEXT_GET_COMPRESSION(handle, mem_ctx, fsp, smb_fname,
2182 do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2184 (fsp ? fsp_str_do_log(fsp) :
2185 smb_fname_str_do_log(handle->conn, smb_fname)));
2190 static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle,
2191 TALLOC_CTX *mem_ctx,
2192 struct files_struct *fsp,
2193 uint16_t compression_fmt)
2197 result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
2200 do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2201 "%s", fsp_str_do_log(fsp));
2206 static NTSTATUS smb_full_audit_readdir_attr(struct vfs_handle_struct *handle,
2207 const struct smb_filename *fname,
2208 TALLOC_CTX *mem_ctx,
2209 struct readdir_attr_data **pattr_data)
2213 status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
2215 do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s",
2216 smb_fname_str_do_log(handle->conn, fname));
2221 static NTSTATUS smb_full_audit_get_dos_attributes(
2222 struct vfs_handle_struct *handle,
2223 struct smb_filename *smb_fname,
2228 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES(handle,
2232 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES,
2233 NT_STATUS_IS_OK(status),
2236 smb_fname_str_do_log(handle->conn, smb_fname));
2241 struct smb_full_audit_get_dos_attributes_state {
2242 struct vfs_aio_state aio_state;
2243 vfs_handle_struct *handle;
2244 files_struct *dir_fsp;
2245 const struct smb_filename *smb_fname;
2249 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq);
2251 static struct tevent_req *smb_full_audit_get_dos_attributes_send(
2252 TALLOC_CTX *mem_ctx,
2253 struct tevent_context *ev,
2254 struct vfs_handle_struct *handle,
2255 files_struct *dir_fsp,
2256 struct smb_filename *smb_fname)
2258 struct tevent_req *req = NULL;
2259 struct smb_full_audit_get_dos_attributes_state *state = NULL;
2260 struct tevent_req *subreq = NULL;
2262 req = tevent_req_create(mem_ctx, &state,
2263 struct smb_full_audit_get_dos_attributes_state);
2265 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2269 fsp_str_do_log(dir_fsp),
2270 smb_fname->base_name);
2273 *state = (struct smb_full_audit_get_dos_attributes_state) {
2276 .smb_fname = smb_fname,
2279 subreq = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_SEND(mem_ctx,
2284 if (tevent_req_nomem(subreq, req)) {
2285 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2289 fsp_str_do_log(dir_fsp),
2290 smb_fname->base_name);
2291 return tevent_req_post(req, ev);
2293 tevent_req_set_callback(subreq,
2294 smb_full_audit_get_dos_attributes_done,
2297 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2301 fsp_str_do_log(dir_fsp),
2302 smb_fname->base_name);
2307 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq)
2309 struct tevent_req *req =
2310 tevent_req_callback_data(subreq,
2312 struct smb_full_audit_get_dos_attributes_state *state =
2313 tevent_req_data(req,
2314 struct smb_full_audit_get_dos_attributes_state);
2317 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_RECV(subreq,
2320 TALLOC_FREE(subreq);
2321 if (tevent_req_nterror(req, status)) {
2325 tevent_req_done(req);
2329 static NTSTATUS smb_full_audit_get_dos_attributes_recv(struct tevent_req *req,
2330 struct vfs_aio_state *aio_state,
2333 struct smb_full_audit_get_dos_attributes_state *state =
2334 tevent_req_data(req,
2335 struct smb_full_audit_get_dos_attributes_state);
2338 if (tevent_req_is_nterror(req, &status)) {
2339 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2343 fsp_str_do_log(state->dir_fsp),
2344 state->smb_fname->base_name);
2345 tevent_req_received(req);
2349 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2353 fsp_str_do_log(state->dir_fsp),
2354 state->smb_fname->base_name);
2356 *aio_state = state->aio_state;
2357 *dosmode = state->dosmode;
2358 tevent_req_received(req);
2359 return NT_STATUS_OK;
2362 static NTSTATUS smb_full_audit_fget_dos_attributes(
2363 struct vfs_handle_struct *handle,
2364 struct files_struct *fsp,
2369 status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
2373 do_log(SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
2374 NT_STATUS_IS_OK(status),
2377 fsp_str_do_log(fsp));
2382 static NTSTATUS smb_full_audit_set_dos_attributes(
2383 struct vfs_handle_struct *handle,
2384 const struct smb_filename *smb_fname,
2389 status = SMB_VFS_NEXT_SET_DOS_ATTRIBUTES(handle,
2393 do_log(SMB_VFS_OP_SET_DOS_ATTRIBUTES,
2394 NT_STATUS_IS_OK(status),
2397 smb_fname_str_do_log(handle->conn, smb_fname));
2402 static NTSTATUS smb_full_audit_fset_dos_attributes(
2403 struct vfs_handle_struct *handle,
2404 struct files_struct *fsp,
2409 status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
2413 do_log(SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
2414 NT_STATUS_IS_OK(status),
2417 fsp_str_do_log(fsp));
2422 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2423 uint32_t security_info,
2424 TALLOC_CTX *mem_ctx,
2425 struct security_descriptor **ppdesc)
2429 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
2432 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2433 "%s", fsp_str_do_log(fsp));
2438 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
2439 const struct smb_filename *smb_fname,
2440 uint32_t security_info,
2441 TALLOC_CTX *mem_ctx,
2442 struct security_descriptor **ppdesc)
2446 result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
2449 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2450 "%s", smb_fname_str_do_log(handle->conn, smb_fname));
2455 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2456 uint32_t security_info_sent,
2457 const struct security_descriptor *psd)
2459 struct vfs_full_audit_private_data *pd;
2463 SMB_VFS_HANDLE_GET_DATA(handle, pd,
2464 struct vfs_full_audit_private_data,
2465 return NT_STATUS_INTERNAL_ERROR);
2467 if (pd->log_secdesc) {
2468 sd = sddl_encode(talloc_tos(), psd, get_global_sam_sid());
2471 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
2473 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2474 "%s [%s]", fsp_str_do_log(fsp), sd ? sd : "");
2481 static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
2482 struct smb_filename *file,
2483 struct security_acl *sacl,
2484 uint32_t access_requested,
2485 uint32_t access_denied)
2489 result = SMB_VFS_NEXT_AUDIT_FILE(handle,
2495 do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
2497 smb_fname_str_do_log(handle->conn, file));
2502 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
2503 const struct smb_filename *smb_fname,
2504 SMB_ACL_TYPE_T type,
2505 TALLOC_CTX *mem_ctx)
2509 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname,
2512 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE,
2516 smb_fname_str_do_log(handle->conn, smb_fname));
2521 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
2522 files_struct *fsp, TALLOC_CTX *mem_ctx)
2526 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
2528 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
2529 "%s", fsp_str_do_log(fsp));
2534 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
2535 const struct smb_filename *smb_fname,
2536 TALLOC_CTX *mem_ctx,
2537 char **blob_description,
2542 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, smb_fname,
2543 mem_ctx, blob_description, blob);
2545 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
2549 smb_fname_str_do_log(handle->conn, smb_fname));
2554 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
2556 TALLOC_CTX *mem_ctx,
2557 char **blob_description,
2562 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
2564 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
2565 "%s", fsp_str_do_log(fsp));
2570 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
2571 const struct smb_filename *smb_fname,
2572 SMB_ACL_TYPE_T acltype,
2577 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, smb_fname, acltype,
2580 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE,
2584 smb_fname_str_do_log(handle->conn, smb_fname));
2589 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
2594 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
2596 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
2597 "%s", fsp_str_do_log(fsp));
2602 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
2603 const struct smb_filename *smb_fname)
2607 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, smb_fname);
2609 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
2613 smb_fname_str_do_log(handle->conn, smb_fname));
2618 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2619 const struct smb_filename *smb_fname,
2620 const char *name, void *value, size_t size)
2624 result = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, name, value, size);
2626 do_log(SMB_VFS_OP_GETXATTR,
2630 smb_fname_str_do_log(handle->conn, smb_fname),
2636 struct smb_full_audit_getxattrat_state {
2637 struct vfs_aio_state aio_state;
2638 vfs_handle_struct *handle;
2639 files_struct *dir_fsp;
2640 const struct smb_filename *smb_fname;
2641 const char *xattr_name;
2643 uint8_t *xattr_value;
2646 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq);
2648 static struct tevent_req *smb_full_audit_getxattrat_send(
2649 TALLOC_CTX *mem_ctx,
2650 struct tevent_context *ev,
2651 struct vfs_handle_struct *handle,
2652 files_struct *dir_fsp,
2653 const struct smb_filename *smb_fname,
2654 const char *xattr_name,
2657 struct tevent_req *req = NULL;
2658 struct tevent_req *subreq = NULL;
2659 struct smb_full_audit_getxattrat_state *state = NULL;
2661 req = tevent_req_create(mem_ctx, &state,
2662 struct smb_full_audit_getxattrat_state);
2664 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2668 fsp_str_do_log(dir_fsp),
2669 smb_fname->base_name,
2673 *state = (struct smb_full_audit_getxattrat_state) {
2676 .smb_fname = smb_fname,
2677 .xattr_name = xattr_name,
2680 subreq = SMB_VFS_NEXT_GETXATTRAT_SEND(state,
2687 if (tevent_req_nomem(subreq, req)) {
2688 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2692 fsp_str_do_log(dir_fsp),
2693 smb_fname->base_name,
2695 return tevent_req_post(req, ev);
2697 tevent_req_set_callback(subreq, smb_full_audit_getxattrat_done, req);
2699 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2703 fsp_str_do_log(dir_fsp),
2704 smb_fname->base_name,
2710 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq)
2712 struct tevent_req *req = tevent_req_callback_data(
2713 subreq, struct tevent_req);
2714 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2715 req, struct smb_full_audit_getxattrat_state);
2717 state->xattr_size = SMB_VFS_NEXT_GETXATTRAT_RECV(subreq,
2720 &state->xattr_value);
2721 TALLOC_FREE(subreq);
2722 if (state->xattr_size == -1) {
2723 tevent_req_error(req, state->aio_state.error);
2727 tevent_req_done(req);
2730 static ssize_t smb_full_audit_getxattrat_recv(struct tevent_req *req,
2731 struct vfs_aio_state *aio_state,
2732 TALLOC_CTX *mem_ctx,
2733 uint8_t **xattr_value)
2735 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2736 req, struct smb_full_audit_getxattrat_state);
2739 if (tevent_req_is_unix_error(req, &aio_state->error)) {
2740 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2744 fsp_str_do_log(state->dir_fsp),
2745 state->smb_fname->base_name,
2747 tevent_req_received(req);
2751 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2755 fsp_str_do_log(state->dir_fsp),
2756 state->smb_fname->base_name,
2759 *aio_state = state->aio_state;
2760 xattr_size = state->xattr_size;
2761 if (xattr_value != NULL) {
2762 *xattr_value = talloc_move(mem_ctx, &state->xattr_value);
2765 tevent_req_received(req);
2769 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2770 struct files_struct *fsp,
2771 const char *name, void *value, size_t size)
2775 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2777 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2778 "%s|%s", fsp_str_do_log(fsp), name);
2783 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2784 const struct smb_filename *smb_fname,
2790 result = SMB_VFS_NEXT_LISTXATTR(handle, smb_fname, list, size);
2792 do_log(SMB_VFS_OP_LISTXATTR,
2796 smb_fname_str_do_log(handle->conn, smb_fname));
2801 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2802 struct files_struct *fsp, char *list,
2807 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2809 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2810 "%s", fsp_str_do_log(fsp));
2815 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2816 const struct smb_filename *smb_fname,
2821 result = SMB_VFS_NEXT_REMOVEXATTR(handle, smb_fname, name);
2823 do_log(SMB_VFS_OP_REMOVEXATTR,
2827 smb_fname_str_do_log(handle->conn, smb_fname),
2833 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2834 struct files_struct *fsp,
2839 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2841 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2842 "%s|%s", fsp_str_do_log(fsp), name);
2847 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2848 const struct smb_filename *smb_fname,
2849 const char *name, const void *value, size_t size,
2854 result = SMB_VFS_NEXT_SETXATTR(handle, smb_fname, name, value, size,
2857 do_log(SMB_VFS_OP_SETXATTR,
2861 smb_fname_str_do_log(handle->conn, smb_fname),
2867 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2868 struct files_struct *fsp, const char *name,
2869 const void *value, size_t size, int flags)
2873 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2875 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2876 "%s|%s", fsp_str_do_log(fsp), name);
2881 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2882 struct files_struct *fsp)
2886 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2887 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2888 "%s", fsp_str_do_log(fsp));
2893 static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle,
2894 struct files_struct *fsp,
2895 TALLOC_CTX *mem_ctx,
2900 result = SMB_VFS_NEXT_DURABLE_COOKIE(handle,
2905 do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle,
2906 "%s", fsp_str_do_log(fsp));
2911 static NTSTATUS smb_full_audit_durable_disconnect(
2912 struct vfs_handle_struct *handle,
2913 struct files_struct *fsp,
2914 const DATA_BLOB old_cookie,
2915 TALLOC_CTX *mem_ctx,
2916 DATA_BLOB *new_cookie)
2920 result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle,
2926 do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle,
2927 "%s", fsp_str_do_log(fsp));
2932 static NTSTATUS smb_full_audit_durable_reconnect(
2933 struct vfs_handle_struct *handle,
2934 struct smb_request *smb1req,
2935 struct smbXsrv_open *op,
2936 const DATA_BLOB old_cookie,
2937 TALLOC_CTX *mem_ctx,
2938 struct files_struct **fsp,
2939 DATA_BLOB *new_cookie)
2943 result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle,
2951 do_log(SMB_VFS_OP_DURABLE_RECONNECT,
2952 NT_STATUS_IS_OK(result),
2959 static struct vfs_fn_pointers vfs_full_audit_fns = {
2961 /* Disk operations */
2963 .connect_fn = smb_full_audit_connect,
2964 .disconnect_fn = smb_full_audit_disconnect,
2965 .disk_free_fn = smb_full_audit_disk_free,
2966 .get_quota_fn = smb_full_audit_get_quota,
2967 .set_quota_fn = smb_full_audit_set_quota,
2968 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2969 .statvfs_fn = smb_full_audit_statvfs,
2970 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2971 .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals,
2972 .create_dfs_pathat_fn = smb_full_audit_create_dfs_pathat,
2973 .read_dfs_pathat_fn = smb_full_audit_read_dfs_pathat,
2974 .fdopendir_fn = smb_full_audit_fdopendir,
2975 .readdir_fn = smb_full_audit_readdir,
2976 .seekdir_fn = smb_full_audit_seekdir,
2977 .telldir_fn = smb_full_audit_telldir,
2978 .rewind_dir_fn = smb_full_audit_rewinddir,
2979 .mkdirat_fn = smb_full_audit_mkdirat,
2980 .closedir_fn = smb_full_audit_closedir,
2981 .open_fn = smb_full_audit_open,
2982 .create_file_fn = smb_full_audit_create_file,
2983 .close_fn = smb_full_audit_close,
2984 .pread_fn = smb_full_audit_pread,
2985 .pread_send_fn = smb_full_audit_pread_send,
2986 .pread_recv_fn = smb_full_audit_pread_recv,
2987 .pwrite_fn = smb_full_audit_pwrite,
2988 .pwrite_send_fn = smb_full_audit_pwrite_send,
2989 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2990 .lseek_fn = smb_full_audit_lseek,
2991 .sendfile_fn = smb_full_audit_sendfile,
2992 .recvfile_fn = smb_full_audit_recvfile,
2993 .renameat_fn = smb_full_audit_renameat,
2994 .fsync_send_fn = smb_full_audit_fsync_send,
2995 .fsync_recv_fn = smb_full_audit_fsync_recv,
2996 .stat_fn = smb_full_audit_stat,
2997 .fstat_fn = smb_full_audit_fstat,
2998 .lstat_fn = smb_full_audit_lstat,
2999 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
3000 .unlinkat_fn = smb_full_audit_unlinkat,
3001 .chmod_fn = smb_full_audit_chmod,
3002 .fchmod_fn = smb_full_audit_fchmod,
3003 .fchown_fn = smb_full_audit_fchown,
3004 .lchown_fn = smb_full_audit_lchown,
3005 .chdir_fn = smb_full_audit_chdir,
3006 .getwd_fn = smb_full_audit_getwd,
3007 .ntimes_fn = smb_full_audit_ntimes,
3008 .ftruncate_fn = smb_full_audit_ftruncate,
3009 .fallocate_fn = smb_full_audit_fallocate,
3010 .lock_fn = smb_full_audit_lock,
3011 .kernel_flock_fn = smb_full_audit_kernel_flock,
3012 .fcntl_fn = smb_full_audit_fcntl,
3013 .linux_setlease_fn = smb_full_audit_linux_setlease,
3014 .getlock_fn = smb_full_audit_getlock,
3015 .symlinkat_fn = smb_full_audit_symlinkat,
3016 .readlinkat_fn = smb_full_audit_readlinkat,
3017 .linkat_fn = smb_full_audit_linkat,
3018 .mknodat_fn = smb_full_audit_mknodat,
3019 .realpath_fn = smb_full_audit_realpath,
3020 .chflags_fn = smb_full_audit_chflags,
3021 .file_id_create_fn = smb_full_audit_file_id_create,
3022 .fs_file_id_fn = smb_full_audit_fs_file_id,
3023 .offload_read_send_fn = smb_full_audit_offload_read_send,
3024 .offload_read_recv_fn = smb_full_audit_offload_read_recv,
3025 .offload_write_send_fn = smb_full_audit_offload_write_send,
3026 .offload_write_recv_fn = smb_full_audit_offload_write_recv,
3027 .get_compression_fn = smb_full_audit_get_compression,
3028 .set_compression_fn = smb_full_audit_set_compression,
3029 .snap_check_path_fn = smb_full_audit_snap_check_path,
3030 .snap_create_fn = smb_full_audit_snap_create,
3031 .snap_delete_fn = smb_full_audit_snap_delete,
3032 .streaminfo_fn = smb_full_audit_streaminfo,
3033 .get_real_filename_fn = smb_full_audit_get_real_filename,
3034 .connectpath_fn = smb_full_audit_connectpath,
3035 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
3036 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
3037 .strict_lock_check_fn = smb_full_audit_strict_lock_check,
3038 .translate_name_fn = smb_full_audit_translate_name,
3039 .fsctl_fn = smb_full_audit_fsctl,
3040 .get_dos_attributes_fn = smb_full_audit_get_dos_attributes,
3041 .get_dos_attributes_send_fn = smb_full_audit_get_dos_attributes_send,
3042 .get_dos_attributes_recv_fn = smb_full_audit_get_dos_attributes_recv,
3043 .fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
3044 .set_dos_attributes_fn = smb_full_audit_set_dos_attributes,
3045 .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes,
3046 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
3047 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
3048 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
3049 .audit_file_fn = smb_full_audit_audit_file,
3050 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
3051 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
3052 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
3053 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
3054 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
3055 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
3056 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
3057 .getxattr_fn = smb_full_audit_getxattr,
3058 .getxattrat_send_fn = smb_full_audit_getxattrat_send,
3059 .getxattrat_recv_fn = smb_full_audit_getxattrat_recv,
3060 .fgetxattr_fn = smb_full_audit_fgetxattr,
3061 .listxattr_fn = smb_full_audit_listxattr,
3062 .flistxattr_fn = smb_full_audit_flistxattr,
3063 .removexattr_fn = smb_full_audit_removexattr,
3064 .fremovexattr_fn = smb_full_audit_fremovexattr,
3065 .setxattr_fn = smb_full_audit_setxattr,
3066 .fsetxattr_fn = smb_full_audit_fsetxattr,
3067 .aio_force_fn = smb_full_audit_aio_force,
3068 .durable_cookie_fn = smb_full_audit_durable_cookie,
3069 .durable_disconnect_fn = smb_full_audit_durable_disconnect,
3070 .durable_reconnect_fn = smb_full_audit_durable_reconnect,
3071 .readdir_attr_fn = smb_full_audit_readdir_attr
3076 NTSTATUS vfs_full_audit_init(TALLOC_CTX *ctx)
3080 smb_vfs_assert_all_fns(&vfs_full_audit_fns, "full_audit");
3082 ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "full_audit",
3083 &vfs_full_audit_fns);
3085 if (!NT_STATUS_IS_OK(ret))
3088 vfs_full_audit_debug_level = debug_add_class("full_audit");
3089 if (vfs_full_audit_debug_level == -1) {
3090 vfs_full_audit_debug_level = DBGC_VFS;
3091 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
3094 DEBUG(10, ("vfs_full_audit: Debug class number of "
3095 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / samba.git / blob