2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir create_file
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|/tmp
42 * smbd_audit: nobody|192.168.234.1|create_file|fail (No such file or directory)|0x1|file|open|/ts/doesNotExist
43 * smbd_audit: nobody|192.168.234.1|open|ok|w|/tmp/file.txt
44 * smbd_audit: nobody|192.168.234.1|create_file|ok|0x3|file|open|/tmp/file.txt
46 * where "nobody" is the connected username and "192.168.234.1" is the
47 * client's IP address.
51 * prefix: A macro expansion template prepended to the syslog entry.
53 * success: A list of VFS operations for which a successful completion should
54 * be logged. Defaults to no logging at all. The special operation "all" logs
55 * - you guessed it - everything.
57 * failure: A list of VFS operations for which failure to complete should be
58 * logged. Defaults to logging everything.
63 #include "system/filesys.h"
64 #include "system/syslog.h"
65 #include "smbd/smbd.h"
66 #include "../librpc/gen_ndr/ndr_netlogon.h"
69 #include "lib/param/loadparm.h"
70 #include "lib/util/bitmap.h"
71 #include "lib/util/tevent_unix.h"
72 #include "libcli/security/sddl.h"
73 #include "passdb/machine_sid.h"
74 #include "lib/util/tevent_ntstatus.h"
75 #include "lib/util/string_wrappers.h"
77 static int vfs_full_audit_debug_level = DBGC_VFS;
79 struct vfs_full_audit_private_data {
80 struct bitmap *success_ops;
81 struct bitmap *failure_ops;
89 #define DBGC_CLASS vfs_full_audit_debug_level
91 typedef enum _vfs_op_type {
96 SMB_VFS_OP_CONNECT = 0,
97 SMB_VFS_OP_DISCONNECT,
100 SMB_VFS_OP_SET_QUOTA,
101 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
103 SMB_VFS_OP_FS_CAPABILITIES,
104 SMB_VFS_OP_GET_DFS_REFERRALS,
105 SMB_VFS_OP_CREATE_DFS_PATHAT,
106 SMB_VFS_OP_READ_DFS_PATHAT,
108 /* Directory operations */
110 SMB_VFS_OP_FDOPENDIR,
114 SMB_VFS_OP_REWINDDIR,
118 /* File operations */
122 SMB_VFS_OP_CREATE_FILE,
126 SMB_VFS_OP_PREAD_SEND,
127 SMB_VFS_OP_PREAD_RECV,
130 SMB_VFS_OP_PWRITE_SEND,
131 SMB_VFS_OP_PWRITE_RECV,
137 SMB_VFS_OP_FSYNC_SEND,
138 SMB_VFS_OP_FSYNC_RECV,
142 SMB_VFS_OP_GET_ALLOC_SIZE,
150 SMB_VFS_OP_FTRUNCATE,
151 SMB_VFS_OP_FALLOCATE,
153 SMB_VFS_OP_KERNEL_FLOCK,
155 SMB_VFS_OP_LINUX_SETLEASE,
157 SMB_VFS_OP_SYMLINKAT,
158 SMB_VFS_OP_READLINKAT,
163 SMB_VFS_OP_FILE_ID_CREATE,
164 SMB_VFS_OP_FS_FILE_ID,
165 SMB_VFS_OP_STREAMINFO,
166 SMB_VFS_OP_GET_REAL_FILENAME,
167 SMB_VFS_OP_CONNECTPATH,
168 SMB_VFS_OP_BRL_LOCK_WINDOWS,
169 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
170 SMB_VFS_OP_STRICT_LOCK_CHECK,
171 SMB_VFS_OP_TRANSLATE_NAME,
173 SMB_VFS_OP_OFFLOAD_READ_SEND,
174 SMB_VFS_OP_OFFLOAD_READ_RECV,
175 SMB_VFS_OP_OFFLOAD_WRITE_SEND,
176 SMB_VFS_OP_OFFLOAD_WRITE_RECV,
177 SMB_VFS_OP_FGET_COMPRESSION,
178 SMB_VFS_OP_SET_COMPRESSION,
179 SMB_VFS_OP_SNAP_CHECK_PATH,
180 SMB_VFS_OP_SNAP_CREATE,
181 SMB_VFS_OP_SNAP_DELETE,
183 /* DOS attribute operations. */
184 SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
185 SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
186 SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
187 SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
189 /* NT ACL operations. */
191 SMB_VFS_OP_FGET_NT_ACL,
192 SMB_VFS_OP_GET_NT_ACL_AT,
193 SMB_VFS_OP_FSET_NT_ACL,
194 SMB_VFS_OP_AUDIT_FILE,
196 /* POSIX ACL operations. */
198 SMB_VFS_OP_SYS_ACL_GET_FILE,
199 SMB_VFS_OP_SYS_ACL_GET_FD,
200 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
201 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
202 SMB_VFS_OP_SYS_ACL_SET_FD,
203 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
207 SMB_VFS_OP_GETXATTRAT_SEND,
208 SMB_VFS_OP_GETXATTRAT_RECV,
209 SMB_VFS_OP_FGETXATTR,
210 SMB_VFS_OP_FLISTXATTR,
211 SMB_VFS_OP_REMOVEXATTR,
212 SMB_VFS_OP_FREMOVEXATTR,
213 SMB_VFS_OP_FSETXATTR,
216 SMB_VFS_OP_AIO_FORCE,
218 /* offline operations */
219 SMB_VFS_OP_IS_OFFLINE,
220 SMB_VFS_OP_SET_OFFLINE,
222 /* Durable handle operations. */
223 SMB_VFS_OP_DURABLE_COOKIE,
224 SMB_VFS_OP_DURABLE_DISCONNECT,
225 SMB_VFS_OP_DURABLE_RECONNECT,
227 SMB_VFS_OP_READDIR_ATTR,
229 /* This should always be last enum value */
234 /* The following array *must* be in the same order as defined in vfs_op_type */
240 { SMB_VFS_OP_CONNECT, "connect" },
241 { SMB_VFS_OP_DISCONNECT, "disconnect" },
242 { SMB_VFS_OP_DISK_FREE, "disk_free" },
243 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
244 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
245 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
246 { SMB_VFS_OP_STATVFS, "statvfs" },
247 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
248 { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" },
249 { SMB_VFS_OP_CREATE_DFS_PATHAT, "create_dfs_pathat" },
250 { SMB_VFS_OP_READ_DFS_PATHAT, "read_dfs_pathat" },
251 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
252 { SMB_VFS_OP_READDIR, "readdir" },
253 { SMB_VFS_OP_SEEKDIR, "seekdir" },
254 { SMB_VFS_OP_TELLDIR, "telldir" },
255 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
256 { SMB_VFS_OP_MKDIRAT, "mkdirat" },
257 { SMB_VFS_OP_CLOSEDIR, "closedir" },
258 { SMB_VFS_OP_OPEN, "open" },
259 { SMB_VFS_OP_OPENAT, "openat" },
260 { SMB_VFS_OP_CREATE_FILE, "create_file" },
261 { SMB_VFS_OP_CLOSE, "close" },
262 { SMB_VFS_OP_READ, "read" },
263 { SMB_VFS_OP_PREAD, "pread" },
264 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
265 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
266 { SMB_VFS_OP_WRITE, "write" },
267 { SMB_VFS_OP_PWRITE, "pwrite" },
268 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
269 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
270 { SMB_VFS_OP_LSEEK, "lseek" },
271 { SMB_VFS_OP_SENDFILE, "sendfile" },
272 { SMB_VFS_OP_RECVFILE, "recvfile" },
273 { SMB_VFS_OP_RENAMEAT, "renameat" },
274 { SMB_VFS_OP_FSYNC, "fsync" },
275 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
276 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
277 { SMB_VFS_OP_STAT, "stat" },
278 { SMB_VFS_OP_FSTAT, "fstat" },
279 { SMB_VFS_OP_LSTAT, "lstat" },
280 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
281 { SMB_VFS_OP_UNLINKAT, "unlinkat" },
282 { SMB_VFS_OP_FCHMOD, "fchmod" },
283 { SMB_VFS_OP_FCHOWN, "fchown" },
284 { SMB_VFS_OP_LCHOWN, "lchown" },
285 { SMB_VFS_OP_CHDIR, "chdir" },
286 { SMB_VFS_OP_GETWD, "getwd" },
287 { SMB_VFS_OP_NTIMES, "ntimes" },
288 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
289 { SMB_VFS_OP_FALLOCATE,"fallocate" },
290 { SMB_VFS_OP_LOCK, "lock" },
291 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
292 { SMB_VFS_OP_FCNTL, "fcntl" },
293 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
294 { SMB_VFS_OP_GETLOCK, "getlock" },
295 { SMB_VFS_OP_SYMLINKAT, "symlinkat" },
296 { SMB_VFS_OP_READLINKAT,"readlinkat" },
297 { SMB_VFS_OP_LINKAT, "linkat" },
298 { SMB_VFS_OP_MKNODAT, "mknodat" },
299 { SMB_VFS_OP_REALPATH, "realpath" },
300 { SMB_VFS_OP_CHFLAGS, "chflags" },
301 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
302 { SMB_VFS_OP_FS_FILE_ID, "fs_file_id" },
303 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
304 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
305 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
306 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
307 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
308 { SMB_VFS_OP_STRICT_LOCK_CHECK, "strict_lock_check" },
309 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
310 { SMB_VFS_OP_FSCTL, "fsctl" },
311 { SMB_VFS_OP_OFFLOAD_READ_SEND, "offload_read_send" },
312 { SMB_VFS_OP_OFFLOAD_READ_RECV, "offload_read_recv" },
313 { SMB_VFS_OP_OFFLOAD_WRITE_SEND, "offload_write_send" },
314 { SMB_VFS_OP_OFFLOAD_WRITE_RECV, "offload_write_recv" },
315 { SMB_VFS_OP_FGET_COMPRESSION, "fget_compression" },
316 { SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
317 { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
318 { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
319 { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
320 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND, "get_dos_attributes_send" },
321 { SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV, "get_dos_attributes_recv" },
322 { SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" },
323 { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" },
324 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
325 { SMB_VFS_OP_GET_NT_ACL_AT, "get_nt_acl_at" },
326 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
327 { SMB_VFS_OP_AUDIT_FILE, "audit_file" },
328 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
329 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
330 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
331 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
332 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
333 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
334 { SMB_VFS_OP_GETXATTR, "getxattr" },
335 { SMB_VFS_OP_GETXATTRAT_SEND, "getxattrat_send" },
336 { SMB_VFS_OP_GETXATTRAT_RECV, "getxattrat_recv" },
337 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
338 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
339 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
340 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
341 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
342 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
343 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
344 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
345 { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" },
346 { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
347 { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
348 { SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
349 { SMB_VFS_OP_LAST, NULL }
352 static int audit_syslog_facility(vfs_handle_struct *handle)
354 static const struct enum_list enum_log_facilities[] = {
356 { LOG_AUTH, "AUTH" },
359 { LOG_AUTHPRIV, "AUTHPRIV" },
362 { LOG_AUDIT, "AUDIT" },
365 { LOG_CONSOLE, "CONSOLE" },
368 { LOG_CRON, "CRON" },
371 { LOG_DAEMON, "DAEMON" },
377 { LOG_INSTALL, "INSTALL" },
380 { LOG_KERN, "KERN" },
383 { LOG_LAUNCHD, "LAUNCHD" },
386 { LOG_LFMT, "LFMT" },
392 { LOG_MAIL, "MAIL" },
395 { LOG_MEGASAFE, "MEGASAFE" },
398 { LOG_NETINFO, "NETINFO" },
401 { LOG_NEWS, "NEWS" },
403 #ifdef LOG_NFACILITIES
404 { LOG_NFACILITIES, "NFACILITIES" },
412 #ifdef LOG_REMOTEAUTH
413 { LOG_REMOTEAUTH, "REMOTEAUTH" },
416 { LOG_SECURITY, "SECURITY" },
419 { LOG_SYSLOG, "SYSLOG" },
422 { LOG_USER, "USER" },
425 { LOG_UUCP, "UUCP" },
427 { LOG_LOCAL0, "LOCAL0" },
428 { LOG_LOCAL1, "LOCAL1" },
429 { LOG_LOCAL2, "LOCAL2" },
430 { LOG_LOCAL3, "LOCAL3" },
431 { LOG_LOCAL4, "LOCAL4" },
432 { LOG_LOCAL5, "LOCAL5" },
433 { LOG_LOCAL6, "LOCAL6" },
434 { LOG_LOCAL7, "LOCAL7" },
440 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
445 static int audit_syslog_priority(vfs_handle_struct *handle)
447 static const struct enum_list enum_log_priorities[] = {
448 { LOG_EMERG, "EMERG" },
449 { LOG_ALERT, "ALERT" },
450 { LOG_CRIT, "CRIT" },
452 { LOG_WARNING, "WARNING" },
453 { LOG_NOTICE, "NOTICE" },
454 { LOG_INFO, "INFO" },
455 { LOG_DEBUG, "DEBUG" },
461 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
462 enum_log_priorities, LOG_NOTICE);
463 if (priority == -1) {
464 priority = LOG_WARNING;
470 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
472 const struct loadparm_substitution *lp_sub =
473 loadparm_s3_global_substitution();
477 prefix = talloc_strdup(ctx,
478 lp_parm_const_string(SNUM(conn), "full_audit",
483 result = talloc_sub_full(ctx,
484 lp_servicename(talloc_tos(), lp_sub, SNUM(conn)),
485 conn->session_info->unix_info->unix_name,
487 conn->session_info->unix_token->gid,
488 conn->session_info->unix_info->sanitized_username,
489 conn->session_info->info->domain_name,
495 static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op)
497 if (pd->success_ops == NULL) {
501 return bitmap_query(pd->success_ops, op);
504 static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op)
506 if (pd->failure_ops == NULL)
509 return bitmap_query(pd->failure_ops, op);
512 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
520 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
522 DEBUG(0, ("Could not alloc bitmap -- "
523 "defaulting to logging everything\n"));
527 for (; *ops != NULL; ops += 1) {
532 if (strequal(*ops, "all")) {
533 for (i=0; i<SMB_VFS_OP_LAST; i++) {
539 if (strequal(*ops, "none")) {
549 for (i=0; i<SMB_VFS_OP_LAST; i++) {
550 if ((vfs_op_names[i].name == NULL)
551 || (vfs_op_names[i].type != i)) {
552 smb_panic("vfs_full_audit.c: name table not "
553 "in sync with vfs_op_type enums\n");
555 if (strequal(op, vfs_op_names[i].name)) {
564 if (i == SMB_VFS_OP_LAST) {
565 DEBUG(0, ("Could not find opname %s, logging all\n",
574 static const char *audit_opname(vfs_op_type op)
576 if (op >= SMB_VFS_OP_LAST)
577 return "INVALID VFS OP";
578 return vfs_op_names[op].name;
581 static TALLOC_CTX *tmp_do_log_ctx;
583 * Get us a temporary talloc context usable just for DEBUG arguments
585 static TALLOC_CTX *do_log_ctx(void)
587 if (tmp_do_log_ctx == NULL) {
588 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
590 return tmp_do_log_ctx;
593 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
594 const char *format, ...) PRINTF_ATTRIBUTE(4, 5);
596 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
597 const char *format, ...)
599 struct vfs_full_audit_private_data *pd;
601 char *audit_pre = NULL;
605 SMB_VFS_HANDLE_GET_DATA(handle, pd,
606 struct vfs_full_audit_private_data,
609 if (success && (!log_success(pd, op)))
612 if (!success && (!log_failure(pd, op)))
616 fstrcpy(err_msg, "ok");
618 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
620 va_start(ap, format);
621 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
628 audit_pre = audit_prefix(talloc_tos(), handle->conn);
634 * Specify the facility to interoperate with other syslog
635 * callers (smbd for example).
637 priority = pd->syslog_priority | pd->syslog_facility;
639 syslog(priority, "%s|%s|%s|%s\n",
640 audit_pre ? audit_pre : "",
641 audit_opname(op), err_msg, op_msg);
643 DEBUG(1, ("%s|%s|%s|%s\n",
644 audit_pre ? audit_pre : "",
645 audit_opname(op), err_msg, op_msg));
648 TALLOC_FREE(audit_pre);
650 TALLOC_FREE(tmp_do_log_ctx);
654 * Return a string using the do_log_ctx()
656 static const char *smb_fname_str_do_log(struct connection_struct *conn,
657 const struct smb_filename *smb_fname)
662 if (smb_fname == NULL) {
666 if (smb_fname->base_name[0] != '/') {
667 char *abs_name = NULL;
668 struct smb_filename *fname_copy = cp_smb_filename(
671 if (fname_copy == NULL) {
675 if (!ISDOT(smb_fname->base_name)) {
676 abs_name = talloc_asprintf(do_log_ctx(),
678 conn->cwd_fsp->fsp_name->base_name,
679 smb_fname->base_name);
681 abs_name = talloc_strdup(do_log_ctx(),
682 conn->cwd_fsp->fsp_name->base_name);
684 if (abs_name == NULL) {
687 fname_copy->base_name = abs_name;
688 smb_fname = fname_copy;
691 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
692 if (!NT_STATUS_IS_OK(status)) {
699 * Return an fsp debug string using the do_log_ctx()
701 static const char *fsp_str_do_log(const struct files_struct *fsp)
703 return smb_fname_str_do_log(fsp->conn, fsp->fsp_name);
706 /* Implementation of vfs_ops. Pass everything on to the default
707 operation but log event first. */
709 static int smb_full_audit_connect(vfs_handle_struct *handle,
710 const char *svc, const char *user)
713 const char *none[] = { "none" };
714 struct vfs_full_audit_private_data *pd = NULL;
716 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
721 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
723 SMB_VFS_NEXT_DISCONNECT(handle);
727 pd->syslog_facility = audit_syslog_facility(handle);
728 if (pd->syslog_facility == -1) {
729 DEBUG(1, ("%s: Unknown facility %s\n", __func__,
730 lp_parm_const_string(SNUM(handle->conn),
731 "full_audit", "facility",
733 SMB_VFS_NEXT_DISCONNECT(handle);
737 pd->syslog_priority = audit_syslog_priority(handle);
739 pd->log_secdesc = lp_parm_bool(SNUM(handle->conn),
740 "full_audit", "log_secdesc", false);
742 pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
743 "full_audit", "syslog", true);
747 openlog("smbd_audit", 0, pd->syslog_facility);
751 pd->success_ops = init_bitmap(
752 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
754 pd->failure_ops = init_bitmap(
755 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
758 /* Store the private data. */
759 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
760 struct vfs_full_audit_private_data, return -1);
762 do_log(SMB_VFS_OP_CONNECT, True, handle,
768 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
770 const struct loadparm_substitution *lp_sub =
771 loadparm_s3_global_substitution();
773 SMB_VFS_NEXT_DISCONNECT(handle);
775 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
776 "%s", lp_servicename(talloc_tos(), lp_sub, SNUM(handle->conn)));
778 /* The bitmaps will be disconnected when the private
782 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
783 const struct smb_filename *smb_fname,
790 result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize);
792 /* Don't have a reasonable notion of failure here */
794 do_log(SMB_VFS_OP_DISK_FREE,
798 smb_fname_str_do_log(handle->conn, smb_fname));
803 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
804 const struct smb_filename *smb_fname,
805 enum SMB_QUOTA_TYPE qtype,
811 result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt);
813 do_log(SMB_VFS_OP_GET_QUOTA,
817 smb_fname_str_do_log(handle->conn, smb_fname));
822 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
823 enum SMB_QUOTA_TYPE qtype, unid_t id,
828 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
830 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
835 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
836 struct files_struct *fsp,
837 struct shadow_copy_data *shadow_copy_data,
842 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
844 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
849 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
850 const struct smb_filename *smb_fname,
851 struct vfs_statvfs_struct *statbuf)
855 result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf);
857 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
862 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
866 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
868 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
873 static NTSTATUS smb_full_audit_get_dfs_referrals(
874 struct vfs_handle_struct *handle,
875 struct dfs_GetDFSReferral *r)
879 status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
881 do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status),
887 static NTSTATUS smb_full_audit_create_dfs_pathat(struct vfs_handle_struct *handle,
888 struct files_struct *dirfsp,
889 const struct smb_filename *smb_fname,
890 const struct referral *reflist,
891 size_t referral_count)
894 struct smb_filename *full_fname = NULL;
896 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
899 if (full_fname == NULL) {
900 return NT_STATUS_NO_MEMORY;
903 status = SMB_VFS_NEXT_CREATE_DFS_PATHAT(handle,
909 do_log(SMB_VFS_OP_CREATE_DFS_PATHAT,
910 NT_STATUS_IS_OK(status),
913 smb_fname_str_do_log(handle->conn, full_fname));
915 TALLOC_FREE(full_fname);
919 static NTSTATUS smb_full_audit_read_dfs_pathat(struct vfs_handle_struct *handle,
921 struct files_struct *dirfsp,
922 struct smb_filename *smb_fname,
923 struct referral **ppreflist,
924 size_t *preferral_count)
928 status = SMB_VFS_NEXT_READ_DFS_PATHAT(handle,
935 do_log(SMB_VFS_OP_READ_DFS_PATHAT,
936 NT_STATUS_IS_OK(status),
939 smb_fname_str_do_log(handle->conn, smb_fname));
944 static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle,
946 const char *service_path,
951 status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path,
953 do_log(SMB_VFS_OP_SNAP_CHECK_PATH, NT_STATUS_IS_OK(status),
959 static NTSTATUS smb_full_audit_snap_create(struct vfs_handle_struct *handle,
961 const char *base_volume,
969 status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp,
970 rw, base_path, snap_path);
971 do_log(SMB_VFS_OP_SNAP_CREATE, NT_STATUS_IS_OK(status), handle, "");
976 static NTSTATUS smb_full_audit_snap_delete(struct vfs_handle_struct *handle,
983 status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path,
985 do_log(SMB_VFS_OP_SNAP_DELETE, NT_STATUS_IS_OK(status), handle, "");
990 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
991 files_struct *fsp, const char *mask, uint32_t attr)
995 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
997 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
998 fsp_str_do_log(fsp));
1003 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
1004 struct files_struct *dirfsp,
1006 SMB_STRUCT_STAT *sbuf)
1008 struct dirent *result;
1010 result = SMB_VFS_NEXT_READDIR(handle, dirfsp, dirp, sbuf);
1012 /* This operation has no reasonable error condition
1013 * (End of dir is also failure), so always succeed.
1015 do_log(SMB_VFS_OP_READDIR, True, handle, "");
1020 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
1021 DIR *dirp, long offset)
1023 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
1025 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
1028 static long smb_full_audit_telldir(vfs_handle_struct *handle,
1033 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
1035 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
1040 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
1043 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
1045 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
1048 static int smb_full_audit_mkdirat(vfs_handle_struct *handle,
1049 struct files_struct *dirfsp,
1050 const struct smb_filename *smb_fname,
1053 struct smb_filename *full_fname = NULL;
1056 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1059 if (full_fname == NULL) {
1064 result = SMB_VFS_NEXT_MKDIRAT(handle,
1069 do_log(SMB_VFS_OP_MKDIRAT,
1073 smb_fname_str_do_log(handle->conn, full_fname));
1075 TALLOC_FREE(full_fname);
1080 static int smb_full_audit_closedir(vfs_handle_struct *handle,
1085 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
1087 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
1092 static int smb_full_audit_openat(vfs_handle_struct *handle,
1093 const struct files_struct *dirfsp,
1094 const struct smb_filename *smb_fname,
1095 struct files_struct *fsp,
1101 result = SMB_VFS_NEXT_OPENAT(handle, dirfsp, smb_fname, fsp, flags, mode);
1103 do_log(SMB_VFS_OP_OPENAT, (result >= 0), handle, "%s|%s",
1104 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
1105 fsp_str_do_log(fsp));
1110 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
1111 struct smb_request *req,
1112 struct smb_filename *smb_fname,
1113 uint32_t access_mask,
1114 uint32_t share_access,
1115 uint32_t create_disposition,
1116 uint32_t create_options,
1117 uint32_t file_attributes,
1118 uint32_t oplock_request,
1119 const struct smb2_lease *lease,
1120 uint64_t allocation_size,
1121 uint32_t private_flags,
1122 struct security_descriptor *sd,
1123 struct ea_list *ea_list,
1124 files_struct **result_fsp,
1126 const struct smb2_create_blobs *in_context_blobs,
1127 struct smb2_create_blobs *out_context_blobs)
1130 const char* str_create_disposition;
1132 switch (create_disposition) {
1133 case FILE_SUPERSEDE:
1134 str_create_disposition = "supersede";
1136 case FILE_OVERWRITE_IF:
1137 str_create_disposition = "overwrite_if";
1140 str_create_disposition = "open";
1142 case FILE_OVERWRITE:
1143 str_create_disposition = "overwrite";
1146 str_create_disposition = "create";
1149 str_create_disposition = "open_if";
1152 str_create_disposition = "unknown";
1155 result = SMB_VFS_NEXT_CREATE_FILE(
1156 handle, /* handle */
1158 smb_fname, /* fname */
1159 access_mask, /* access_mask */
1160 share_access, /* share_access */
1161 create_disposition, /* create_disposition*/
1162 create_options, /* create_options */
1163 file_attributes, /* file_attributes */
1164 oplock_request, /* oplock_request */
1166 allocation_size, /* allocation_size */
1169 ea_list, /* ea_list */
1170 result_fsp, /* result */
1172 in_context_blobs, out_context_blobs); /* create context */
1174 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
1175 "0x%x|%s|%s|%s", access_mask,
1176 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
1177 str_create_disposition,
1178 smb_fname_str_do_log(handle->conn, smb_fname));
1183 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1187 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1189 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
1190 fsp_str_do_log(fsp));
1195 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1196 void *data, size_t n, off_t offset)
1200 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1202 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
1203 fsp_str_do_log(fsp));
1208 struct smb_full_audit_pread_state {
1209 vfs_handle_struct *handle;
1212 struct vfs_aio_state vfs_aio_state;
1215 static void smb_full_audit_pread_done(struct tevent_req *subreq);
1217 static struct tevent_req *smb_full_audit_pread_send(
1218 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1219 struct tevent_context *ev, struct files_struct *fsp,
1220 void *data, size_t n, off_t offset)
1222 struct tevent_req *req, *subreq;
1223 struct smb_full_audit_pread_state *state;
1225 req = tevent_req_create(mem_ctx, &state,
1226 struct smb_full_audit_pread_state);
1228 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1229 fsp_str_do_log(fsp));
1232 state->handle = handle;
1235 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
1237 if (tevent_req_nomem(subreq, req)) {
1238 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1239 fsp_str_do_log(fsp));
1240 return tevent_req_post(req, ev);
1242 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
1244 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1248 static void smb_full_audit_pread_done(struct tevent_req *subreq)
1250 struct tevent_req *req = tevent_req_callback_data(
1251 subreq, struct tevent_req);
1252 struct smb_full_audit_pread_state *state = tevent_req_data(
1253 req, struct smb_full_audit_pread_state);
1255 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
1256 TALLOC_FREE(subreq);
1257 tevent_req_done(req);
1260 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req,
1261 struct vfs_aio_state *vfs_aio_state)
1263 struct smb_full_audit_pread_state *state = tevent_req_data(
1264 req, struct smb_full_audit_pread_state);
1266 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1267 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
1268 fsp_str_do_log(state->fsp));
1272 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
1273 fsp_str_do_log(state->fsp));
1275 *vfs_aio_state = state->vfs_aio_state;
1279 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1280 const void *data, size_t n,
1285 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1287 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1288 fsp_str_do_log(fsp));
1293 struct smb_full_audit_pwrite_state {
1294 vfs_handle_struct *handle;
1297 struct vfs_aio_state vfs_aio_state;
1300 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1302 static struct tevent_req *smb_full_audit_pwrite_send(
1303 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1304 struct tevent_context *ev, struct files_struct *fsp,
1305 const void *data, size_t n, off_t offset)
1307 struct tevent_req *req, *subreq;
1308 struct smb_full_audit_pwrite_state *state;
1310 req = tevent_req_create(mem_ctx, &state,
1311 struct smb_full_audit_pwrite_state);
1313 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1314 fsp_str_do_log(fsp));
1317 state->handle = handle;
1320 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1322 if (tevent_req_nomem(subreq, req)) {
1323 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1324 fsp_str_do_log(fsp));
1325 return tevent_req_post(req, ev);
1327 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1329 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1330 fsp_str_do_log(fsp));
1334 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1336 struct tevent_req *req = tevent_req_callback_data(
1337 subreq, struct tevent_req);
1338 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1339 req, struct smb_full_audit_pwrite_state);
1341 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
1342 TALLOC_FREE(subreq);
1343 tevent_req_done(req);
1346 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req,
1347 struct vfs_aio_state *vfs_aio_state)
1349 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1350 req, struct smb_full_audit_pwrite_state);
1352 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1353 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1354 fsp_str_do_log(state->fsp));
1358 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1359 fsp_str_do_log(state->fsp));
1361 *vfs_aio_state = state->vfs_aio_state;
1365 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1366 off_t offset, int whence)
1370 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1372 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1373 "%s", fsp_str_do_log(fsp));
1378 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1379 files_struct *fromfsp,
1380 const DATA_BLOB *hdr, off_t offset,
1385 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1387 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1388 "%s", fsp_str_do_log(fromfsp));
1393 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1394 files_struct *tofsp,
1400 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1402 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1403 "%s", fsp_str_do_log(tofsp));
1408 static int smb_full_audit_renameat(vfs_handle_struct *handle,
1409 files_struct *srcfsp,
1410 const struct smb_filename *smb_fname_src,
1411 files_struct *dstfsp,
1412 const struct smb_filename *smb_fname_dst)
1416 result = SMB_VFS_NEXT_RENAMEAT(handle,
1422 do_log(SMB_VFS_OP_RENAMEAT, (result >= 0), handle, "%s|%s",
1423 smb_fname_str_do_log(handle->conn, smb_fname_src),
1424 smb_fname_str_do_log(handle->conn, smb_fname_dst));
1429 struct smb_full_audit_fsync_state {
1430 vfs_handle_struct *handle;
1433 struct vfs_aio_state vfs_aio_state;
1436 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1438 static struct tevent_req *smb_full_audit_fsync_send(
1439 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1440 struct tevent_context *ev, struct files_struct *fsp)
1442 struct tevent_req *req, *subreq;
1443 struct smb_full_audit_fsync_state *state;
1445 req = tevent_req_create(mem_ctx, &state,
1446 struct smb_full_audit_fsync_state);
1448 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1449 fsp_str_do_log(fsp));
1452 state->handle = handle;
1455 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1456 if (tevent_req_nomem(subreq, req)) {
1457 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1458 fsp_str_do_log(fsp));
1459 return tevent_req_post(req, ev);
1461 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1463 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1467 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1469 struct tevent_req *req = tevent_req_callback_data(
1470 subreq, struct tevent_req);
1471 struct smb_full_audit_fsync_state *state = tevent_req_data(
1472 req, struct smb_full_audit_fsync_state);
1474 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
1475 TALLOC_FREE(subreq);
1476 tevent_req_done(req);
1479 static int smb_full_audit_fsync_recv(struct tevent_req *req,
1480 struct vfs_aio_state *vfs_aio_state)
1482 struct smb_full_audit_fsync_state *state = tevent_req_data(
1483 req, struct smb_full_audit_fsync_state);
1485 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1486 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1487 fsp_str_do_log(state->fsp));
1491 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1492 fsp_str_do_log(state->fsp));
1494 *vfs_aio_state = state->vfs_aio_state;
1498 static int smb_full_audit_stat(vfs_handle_struct *handle,
1499 struct smb_filename *smb_fname)
1503 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1505 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1506 smb_fname_str_do_log(handle->conn, smb_fname));
1511 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1512 SMB_STRUCT_STAT *sbuf)
1516 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1518 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1519 fsp_str_do_log(fsp));
1524 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1525 struct smb_filename *smb_fname)
1529 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1531 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1532 smb_fname_str_do_log(handle->conn, smb_fname));
1537 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1538 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1542 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1544 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1545 "%llu", (unsigned long long)result);
1550 static int smb_full_audit_unlinkat(vfs_handle_struct *handle,
1551 struct files_struct *dirfsp,
1552 const struct smb_filename *smb_fname,
1555 struct smb_filename *full_fname = NULL;
1558 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1561 if (full_fname == NULL) {
1565 result = SMB_VFS_NEXT_UNLINKAT(handle,
1570 do_log(SMB_VFS_OP_UNLINKAT, (result >= 0), handle, "%s",
1571 smb_fname_str_do_log(handle->conn, full_fname));
1573 TALLOC_FREE(full_fname);
1577 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1582 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1584 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1585 "%s|%o", fsp_str_do_log(fsp), mode);
1590 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1591 uid_t uid, gid_t gid)
1595 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1597 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1598 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1603 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1604 const struct smb_filename *smb_fname,
1610 result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
1612 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1613 smb_fname->base_name, (long int)uid, (long int)gid);
1618 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1619 const struct smb_filename *smb_fname)
1623 result = SMB_VFS_NEXT_CHDIR(handle, smb_fname);
1625 do_log(SMB_VFS_OP_CHDIR,
1629 smb_fname_str_do_log(handle->conn, smb_fname));
1634 static struct smb_filename *smb_full_audit_getwd(vfs_handle_struct *handle,
1637 struct smb_filename *result;
1639 result = SMB_VFS_NEXT_GETWD(handle, ctx);
1641 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1642 result == NULL? "" : result->base_name);
1647 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1648 const struct smb_filename *smb_fname,
1649 struct smb_file_time *ft)
1652 time_t create_time = convert_timespec_to_time_t(ft->create_time);
1653 time_t atime = convert_timespec_to_time_t(ft->atime);
1654 time_t mtime = convert_timespec_to_time_t(ft->mtime);
1655 time_t ctime = convert_timespec_to_time_t(ft->ctime);
1656 const char *create_time_str = "";
1657 const char *atime_str = "";
1658 const char *mtime_str = "";
1659 const char *ctime_str = "";
1660 TALLOC_CTX *frame = talloc_stackframe();
1662 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1664 if (create_time > 0) {
1665 create_time_str = timestring(frame, create_time);
1668 atime_str = timestring(frame, atime);
1671 mtime_str = timestring(frame, mtime);
1674 ctime_str = timestring(frame, ctime);
1677 do_log(SMB_VFS_OP_NTIMES,
1681 smb_fname_str_do_log(handle->conn, smb_fname),
1692 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1697 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1699 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1700 "%s", fsp_str_do_log(fsp));
1705 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1712 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1714 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1715 "%s", fsp_str_do_log(fsp));
1720 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1721 int op, off_t offset, off_t count, int type)
1725 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1727 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1732 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1733 struct files_struct *fsp,
1734 uint32_t share_access,
1735 uint32_t access_mask)
1739 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle,
1744 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1745 fsp_str_do_log(fsp));
1750 static int smb_full_audit_fcntl(struct vfs_handle_struct *handle,
1751 struct files_struct *fsp,
1752 int cmd, va_list cmd_arg)
1755 va_list dup_cmd_arg;
1758 va_copy(dup_cmd_arg, cmd_arg);
1759 arg = va_arg(dup_cmd_arg, void *);
1760 result = SMB_VFS_NEXT_FCNTL(handle, fsp, cmd, arg);
1761 va_end(dup_cmd_arg);
1763 do_log(SMB_VFS_OP_FCNTL, (result >= 0), handle, "%s",
1764 fsp_str_do_log(fsp));
1769 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1774 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1776 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1777 fsp_str_do_log(fsp));
1782 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1783 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1787 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1789 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1794 static int smb_full_audit_symlinkat(vfs_handle_struct *handle,
1795 const struct smb_filename *link_contents,
1796 struct files_struct *dirfsp,
1797 const struct smb_filename *new_smb_fname)
1799 struct smb_filename *full_fname = NULL;
1802 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1805 if (full_fname == NULL) {
1809 result = SMB_VFS_NEXT_SYMLINKAT(handle,
1814 do_log(SMB_VFS_OP_SYMLINKAT,
1818 link_contents->base_name,
1819 smb_fname_str_do_log(handle->conn, full_fname));
1821 TALLOC_FREE(full_fname);
1826 static int smb_full_audit_readlinkat(vfs_handle_struct *handle,
1827 const struct files_struct *dirfsp,
1828 const struct smb_filename *smb_fname,
1832 struct smb_filename *full_fname = NULL;
1835 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1838 if (full_fname == NULL) {
1842 result = SMB_VFS_NEXT_READLINKAT(handle,
1848 do_log(SMB_VFS_OP_READLINKAT,
1852 smb_fname_str_do_log(handle->conn, full_fname));
1854 TALLOC_FREE(full_fname);
1859 static int smb_full_audit_linkat(vfs_handle_struct *handle,
1860 files_struct *srcfsp,
1861 const struct smb_filename *old_smb_fname,
1862 files_struct *dstfsp,
1863 const struct smb_filename *new_smb_fname,
1866 struct smb_filename *old_full_fname = NULL;
1867 struct smb_filename *new_full_fname = NULL;
1870 old_full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1873 if (old_full_fname == NULL) {
1876 new_full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1879 if (new_full_fname == NULL) {
1880 TALLOC_FREE(old_full_fname);
1883 result = SMB_VFS_NEXT_LINKAT(handle,
1890 do_log(SMB_VFS_OP_LINKAT,
1894 smb_fname_str_do_log(handle->conn, old_full_fname),
1895 smb_fname_str_do_log(handle->conn, new_full_fname));
1897 TALLOC_FREE(old_full_fname);
1898 TALLOC_FREE(new_full_fname);
1903 static int smb_full_audit_mknodat(vfs_handle_struct *handle,
1904 files_struct *dirfsp,
1905 const struct smb_filename *smb_fname,
1909 struct smb_filename *full_fname = NULL;
1912 full_fname = full_path_from_dirfsp_atname(talloc_tos(),
1915 if (full_fname == NULL) {
1919 result = SMB_VFS_NEXT_MKNODAT(handle,
1925 do_log(SMB_VFS_OP_MKNODAT,
1929 smb_fname_str_do_log(handle->conn, full_fname));
1931 TALLOC_FREE(full_fname);
1936 static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle,
1938 const struct smb_filename *smb_fname)
1940 struct smb_filename *result_fname = NULL;
1942 result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname);
1944 do_log(SMB_VFS_OP_REALPATH,
1945 (result_fname != NULL),
1948 smb_fname_str_do_log(handle->conn, smb_fname));
1950 return result_fname;
1953 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1954 const struct smb_filename *smb_fname,
1959 result = SMB_VFS_NEXT_CHFLAGS(handle, smb_fname, flags);
1961 do_log(SMB_VFS_OP_CHFLAGS,
1965 smb_fname_str_do_log(handle->conn, smb_fname));
1970 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1971 const SMB_STRUCT_STAT *sbuf)
1973 struct file_id id_zero = { 0 };
1974 struct file_id result;
1975 struct file_id_buf idbuf;
1977 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1979 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1980 !file_id_equal(&id_zero, &result),
1983 file_id_str_buf(result, &idbuf));
1988 static uint64_t smb_full_audit_fs_file_id(struct vfs_handle_struct *handle,
1989 const SMB_STRUCT_STAT *sbuf)
1993 result = SMB_VFS_NEXT_FS_FILE_ID(handle, sbuf);
1995 do_log(SMB_VFS_OP_FS_FILE_ID,
1997 handle, "%" PRIu64, result);
2002 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
2003 struct files_struct *fsp,
2004 const struct smb_filename *smb_fname,
2005 TALLOC_CTX *mem_ctx,
2006 unsigned int *pnum_streams,
2007 struct stream_struct **pstreams)
2011 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, smb_fname, mem_ctx,
2012 pnum_streams, pstreams);
2014 do_log(SMB_VFS_OP_STREAMINFO,
2015 NT_STATUS_IS_OK(result),
2018 smb_fname_str_do_log(handle->conn, smb_fname));
2023 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
2024 const struct smb_filename *path,
2026 TALLOC_CTX *mem_ctx,
2031 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
2034 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
2036 path->base_name, name, (result == 0) ? *found_name : "");
2041 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
2042 const struct smb_filename *smb_fname)
2046 result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname);
2048 do_log(SMB_VFS_OP_CONNECTPATH,
2052 smb_fname_str_do_log(handle->conn, smb_fname));
2057 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
2058 struct byte_range_lock *br_lck,
2059 struct lock_struct *plock)
2063 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock);
2065 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
2066 "%s:%llu-%llu. type=%d.",
2067 fsp_str_do_log(brl_fsp(br_lck)),
2068 (unsigned long long)plock->start,
2069 (unsigned long long)plock->size,
2075 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
2076 struct byte_range_lock *br_lck,
2077 const struct lock_struct *plock)
2081 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, br_lck, plock);
2083 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
2084 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
2085 (unsigned long long)plock->start,
2086 (unsigned long long)plock->size,
2092 static bool smb_full_audit_strict_lock_check(struct vfs_handle_struct *handle,
2093 struct files_struct *fsp,
2094 struct lock_struct *plock)
2098 result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock);
2100 do_log(SMB_VFS_OP_STRICT_LOCK_CHECK, result, handle,
2101 "%s:%llu-%llu:%d", fsp_str_do_log(fsp),
2102 (unsigned long long)plock->start,
2103 (unsigned long long)plock->size,
2109 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
2111 enum vfs_translate_direction direction,
2112 TALLOC_CTX *mem_ctx,
2117 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
2120 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
2125 static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle,
2126 struct files_struct *fsp,
2130 const uint8_t *_in_data,
2132 uint8_t **_out_data,
2133 uint32_t max_out_len,
2138 result = SMB_VFS_NEXT_FSCTL(handle,
2149 do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, "");
2154 static struct tevent_req *smb_full_audit_offload_read_send(
2155 TALLOC_CTX *mem_ctx,
2156 struct tevent_context *ev,
2157 struct vfs_handle_struct *handle,
2158 struct files_struct *fsp,
2164 struct tevent_req *req = NULL;
2166 req = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev, handle, fsp,
2167 fsctl, ttl, offset, to_copy);
2169 do_log(SMB_VFS_OP_OFFLOAD_READ_SEND, req, handle, "");
2174 static NTSTATUS smb_full_audit_offload_read_recv(
2175 struct tevent_req *req,
2176 struct vfs_handle_struct *handle,
2177 TALLOC_CTX *mem_ctx,
2178 DATA_BLOB *_token_blob)
2182 status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(req, handle, mem_ctx,
2185 do_log(SMB_VFS_OP_OFFLOAD_READ_RECV, NT_STATUS_IS_OK(status), handle, "");
2190 static struct tevent_req *smb_full_audit_offload_write_send(struct vfs_handle_struct *handle,
2191 TALLOC_CTX *mem_ctx,
2192 struct tevent_context *ev,
2195 off_t transfer_offset,
2196 struct files_struct *dest_fsp,
2200 struct tevent_req *req;
2202 req = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, mem_ctx, ev,
2203 fsctl, token, transfer_offset,
2204 dest_fsp, dest_off, num);
2206 do_log(SMB_VFS_OP_OFFLOAD_WRITE_SEND, req, handle, "");
2211 static NTSTATUS smb_full_audit_offload_write_recv(struct vfs_handle_struct *handle,
2212 struct tevent_req *req,
2217 result = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(handle, req, copied);
2219 do_log(SMB_VFS_OP_OFFLOAD_WRITE_RECV, NT_STATUS_IS_OK(result), handle, "");
2224 static NTSTATUS smb_full_audit_fget_compression(vfs_handle_struct *handle,
2225 TALLOC_CTX *mem_ctx,
2226 struct files_struct *fsp,
2227 uint16_t *_compression_fmt)
2231 result = SMB_VFS_NEXT_FGET_COMPRESSION(handle, mem_ctx, fsp,
2234 do_log(SMB_VFS_OP_FGET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2236 fsp_str_do_log(fsp));
2241 static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle,
2242 TALLOC_CTX *mem_ctx,
2243 struct files_struct *fsp,
2244 uint16_t compression_fmt)
2248 result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
2251 do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
2252 "%s", fsp_str_do_log(fsp));
2257 static NTSTATUS smb_full_audit_readdir_attr(struct vfs_handle_struct *handle,
2258 const struct smb_filename *fname,
2259 TALLOC_CTX *mem_ctx,
2260 struct readdir_attr_data **pattr_data)
2264 status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
2266 do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s",
2267 smb_fname_str_do_log(handle->conn, fname));
2272 struct smb_full_audit_get_dos_attributes_state {
2273 struct vfs_aio_state aio_state;
2274 vfs_handle_struct *handle;
2275 files_struct *dir_fsp;
2276 const struct smb_filename *smb_fname;
2280 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq);
2282 static struct tevent_req *smb_full_audit_get_dos_attributes_send(
2283 TALLOC_CTX *mem_ctx,
2284 struct tevent_context *ev,
2285 struct vfs_handle_struct *handle,
2286 files_struct *dir_fsp,
2287 struct smb_filename *smb_fname)
2289 struct tevent_req *req = NULL;
2290 struct smb_full_audit_get_dos_attributes_state *state = NULL;
2291 struct tevent_req *subreq = NULL;
2293 req = tevent_req_create(mem_ctx, &state,
2294 struct smb_full_audit_get_dos_attributes_state);
2296 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2300 fsp_str_do_log(dir_fsp),
2301 smb_fname->base_name);
2304 *state = (struct smb_full_audit_get_dos_attributes_state) {
2307 .smb_fname = smb_fname,
2310 subreq = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_SEND(mem_ctx,
2315 if (tevent_req_nomem(subreq, req)) {
2316 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2320 fsp_str_do_log(dir_fsp),
2321 smb_fname->base_name);
2322 return tevent_req_post(req, ev);
2324 tevent_req_set_callback(subreq,
2325 smb_full_audit_get_dos_attributes_done,
2328 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_SEND,
2332 fsp_str_do_log(dir_fsp),
2333 smb_fname->base_name);
2338 static void smb_full_audit_get_dos_attributes_done(struct tevent_req *subreq)
2340 struct tevent_req *req =
2341 tevent_req_callback_data(subreq,
2343 struct smb_full_audit_get_dos_attributes_state *state =
2344 tevent_req_data(req,
2345 struct smb_full_audit_get_dos_attributes_state);
2348 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES_RECV(subreq,
2351 TALLOC_FREE(subreq);
2352 if (tevent_req_nterror(req, status)) {
2356 tevent_req_done(req);
2360 static NTSTATUS smb_full_audit_get_dos_attributes_recv(struct tevent_req *req,
2361 struct vfs_aio_state *aio_state,
2364 struct smb_full_audit_get_dos_attributes_state *state =
2365 tevent_req_data(req,
2366 struct smb_full_audit_get_dos_attributes_state);
2369 if (tevent_req_is_nterror(req, &status)) {
2370 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2374 fsp_str_do_log(state->dir_fsp),
2375 state->smb_fname->base_name);
2376 tevent_req_received(req);
2380 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES_RECV,
2384 fsp_str_do_log(state->dir_fsp),
2385 state->smb_fname->base_name);
2387 *aio_state = state->aio_state;
2388 *dosmode = state->dosmode;
2389 tevent_req_received(req);
2390 return NT_STATUS_OK;
2393 static NTSTATUS smb_full_audit_fget_dos_attributes(
2394 struct vfs_handle_struct *handle,
2395 struct files_struct *fsp,
2400 status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
2404 do_log(SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
2405 NT_STATUS_IS_OK(status),
2408 fsp_str_do_log(fsp));
2413 static NTSTATUS smb_full_audit_fset_dos_attributes(
2414 struct vfs_handle_struct *handle,
2415 struct files_struct *fsp,
2420 status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
2424 do_log(SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
2425 NT_STATUS_IS_OK(status),
2428 fsp_str_do_log(fsp));
2433 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2434 uint32_t security_info,
2435 TALLOC_CTX *mem_ctx,
2436 struct security_descriptor **ppdesc)
2440 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
2443 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2444 "%s", fsp_str_do_log(fsp));
2449 static NTSTATUS smb_full_audit_get_nt_acl_at(vfs_handle_struct *handle,
2450 struct files_struct *dirfsp,
2451 const struct smb_filename *smb_fname,
2452 uint32_t security_info,
2453 TALLOC_CTX *mem_ctx,
2454 struct security_descriptor **ppdesc)
2458 result = SMB_VFS_NEXT_GET_NT_ACL_AT(handle,
2465 do_log(SMB_VFS_OP_GET_NT_ACL_AT,
2466 NT_STATUS_IS_OK(result),
2469 smb_fname_str_do_log(handle->conn, smb_fname));
2474 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2475 uint32_t security_info_sent,
2476 const struct security_descriptor *psd)
2478 struct vfs_full_audit_private_data *pd;
2482 SMB_VFS_HANDLE_GET_DATA(handle, pd,
2483 struct vfs_full_audit_private_data,
2484 return NT_STATUS_INTERNAL_ERROR);
2486 if (pd->log_secdesc) {
2487 sd = sddl_encode(talloc_tos(), psd, get_global_sam_sid());
2490 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
2492 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2493 "%s [%s]", fsp_str_do_log(fsp), sd ? sd : "");
2500 static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
2501 struct smb_filename *file,
2502 struct security_acl *sacl,
2503 uint32_t access_requested,
2504 uint32_t access_denied)
2508 result = SMB_VFS_NEXT_AUDIT_FILE(handle,
2514 do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
2516 smb_fname_str_do_log(handle->conn, file));
2521 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
2522 const struct smb_filename *smb_fname,
2523 SMB_ACL_TYPE_T type,
2524 TALLOC_CTX *mem_ctx)
2528 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname,
2531 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE,
2535 smb_fname_str_do_log(handle->conn, smb_fname));
2540 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
2541 files_struct *fsp, TALLOC_CTX *mem_ctx)
2545 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
2547 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
2548 "%s", fsp_str_do_log(fsp));
2553 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
2554 const struct smb_filename *smb_fname,
2555 TALLOC_CTX *mem_ctx,
2556 char **blob_description,
2561 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, smb_fname,
2562 mem_ctx, blob_description, blob);
2564 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
2568 smb_fname_str_do_log(handle->conn, smb_fname));
2573 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
2575 TALLOC_CTX *mem_ctx,
2576 char **blob_description,
2581 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
2583 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
2584 "%s", fsp_str_do_log(fsp));
2589 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle,
2590 struct files_struct *fsp,
2591 SMB_ACL_TYPE_T type,
2596 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, type, theacl);
2598 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
2599 "%s", fsp_str_do_log(fsp));
2604 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
2605 const struct smb_filename *smb_fname)
2609 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, smb_fname);
2611 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
2615 smb_fname_str_do_log(handle->conn, smb_fname));
2620 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2621 const struct smb_filename *smb_fname,
2622 const char *name, void *value, size_t size)
2626 result = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, name, value, size);
2628 do_log(SMB_VFS_OP_GETXATTR,
2632 smb_fname_str_do_log(handle->conn, smb_fname),
2638 struct smb_full_audit_getxattrat_state {
2639 struct vfs_aio_state aio_state;
2640 vfs_handle_struct *handle;
2641 files_struct *dir_fsp;
2642 const struct smb_filename *smb_fname;
2643 const char *xattr_name;
2645 uint8_t *xattr_value;
2648 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq);
2650 static struct tevent_req *smb_full_audit_getxattrat_send(
2651 TALLOC_CTX *mem_ctx,
2652 struct tevent_context *ev,
2653 struct vfs_handle_struct *handle,
2654 files_struct *dir_fsp,
2655 const struct smb_filename *smb_fname,
2656 const char *xattr_name,
2659 struct tevent_req *req = NULL;
2660 struct tevent_req *subreq = NULL;
2661 struct smb_full_audit_getxattrat_state *state = NULL;
2663 req = tevent_req_create(mem_ctx, &state,
2664 struct smb_full_audit_getxattrat_state);
2666 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2670 fsp_str_do_log(dir_fsp),
2671 smb_fname->base_name,
2675 *state = (struct smb_full_audit_getxattrat_state) {
2678 .smb_fname = smb_fname,
2679 .xattr_name = xattr_name,
2682 subreq = SMB_VFS_NEXT_GETXATTRAT_SEND(state,
2689 if (tevent_req_nomem(subreq, req)) {
2690 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2694 fsp_str_do_log(dir_fsp),
2695 smb_fname->base_name,
2697 return tevent_req_post(req, ev);
2699 tevent_req_set_callback(subreq, smb_full_audit_getxattrat_done, req);
2701 do_log(SMB_VFS_OP_GETXATTRAT_SEND,
2705 fsp_str_do_log(dir_fsp),
2706 smb_fname->base_name,
2712 static void smb_full_audit_getxattrat_done(struct tevent_req *subreq)
2714 struct tevent_req *req = tevent_req_callback_data(
2715 subreq, struct tevent_req);
2716 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2717 req, struct smb_full_audit_getxattrat_state);
2719 state->xattr_size = SMB_VFS_NEXT_GETXATTRAT_RECV(subreq,
2722 &state->xattr_value);
2723 TALLOC_FREE(subreq);
2724 if (state->xattr_size == -1) {
2725 tevent_req_error(req, state->aio_state.error);
2729 tevent_req_done(req);
2732 static ssize_t smb_full_audit_getxattrat_recv(struct tevent_req *req,
2733 struct vfs_aio_state *aio_state,
2734 TALLOC_CTX *mem_ctx,
2735 uint8_t **xattr_value)
2737 struct smb_full_audit_getxattrat_state *state = tevent_req_data(
2738 req, struct smb_full_audit_getxattrat_state);
2741 if (tevent_req_is_unix_error(req, &aio_state->error)) {
2742 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2746 fsp_str_do_log(state->dir_fsp),
2747 state->smb_fname->base_name,
2749 tevent_req_received(req);
2753 do_log(SMB_VFS_OP_GETXATTRAT_RECV,
2757 fsp_str_do_log(state->dir_fsp),
2758 state->smb_fname->base_name,
2761 *aio_state = state->aio_state;
2762 xattr_size = state->xattr_size;
2763 if (xattr_value != NULL) {
2764 *xattr_value = talloc_move(mem_ctx, &state->xattr_value);
2767 tevent_req_received(req);
2771 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2772 struct files_struct *fsp,
2773 const char *name, void *value, size_t size)
2777 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2779 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2780 "%s|%s", fsp_str_do_log(fsp), name);
2785 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2786 struct files_struct *fsp, char *list,
2791 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2793 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2794 "%s", fsp_str_do_log(fsp));
2799 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2800 struct files_struct *fsp,
2805 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2807 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2808 "%s|%s", fsp_str_do_log(fsp), name);
2813 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2814 struct files_struct *fsp, const char *name,
2815 const void *value, size_t size, int flags)
2819 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2821 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2822 "%s|%s", fsp_str_do_log(fsp), name);
2827 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2828 struct files_struct *fsp)
2832 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2833 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2834 "%s", fsp_str_do_log(fsp));
2839 static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle,
2840 struct files_struct *fsp,
2841 TALLOC_CTX *mem_ctx,
2846 result = SMB_VFS_NEXT_DURABLE_COOKIE(handle,
2851 do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle,
2852 "%s", fsp_str_do_log(fsp));
2857 static NTSTATUS smb_full_audit_durable_disconnect(
2858 struct vfs_handle_struct *handle,
2859 struct files_struct *fsp,
2860 const DATA_BLOB old_cookie,
2861 TALLOC_CTX *mem_ctx,
2862 DATA_BLOB *new_cookie)
2866 result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle,
2872 do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle,
2873 "%s", fsp_str_do_log(fsp));
2878 static NTSTATUS smb_full_audit_durable_reconnect(
2879 struct vfs_handle_struct *handle,
2880 struct smb_request *smb1req,
2881 struct smbXsrv_open *op,
2882 const DATA_BLOB old_cookie,
2883 TALLOC_CTX *mem_ctx,
2884 struct files_struct **fsp,
2885 DATA_BLOB *new_cookie)
2889 result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle,
2897 do_log(SMB_VFS_OP_DURABLE_RECONNECT,
2898 NT_STATUS_IS_OK(result),
2905 static struct vfs_fn_pointers vfs_full_audit_fns = {
2907 /* Disk operations */
2909 .connect_fn = smb_full_audit_connect,
2910 .disconnect_fn = smb_full_audit_disconnect,
2911 .disk_free_fn = smb_full_audit_disk_free,
2912 .get_quota_fn = smb_full_audit_get_quota,
2913 .set_quota_fn = smb_full_audit_set_quota,
2914 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2915 .statvfs_fn = smb_full_audit_statvfs,
2916 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2917 .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals,
2918 .create_dfs_pathat_fn = smb_full_audit_create_dfs_pathat,
2919 .read_dfs_pathat_fn = smb_full_audit_read_dfs_pathat,
2920 .fdopendir_fn = smb_full_audit_fdopendir,
2921 .readdir_fn = smb_full_audit_readdir,
2922 .seekdir_fn = smb_full_audit_seekdir,
2923 .telldir_fn = smb_full_audit_telldir,
2924 .rewind_dir_fn = smb_full_audit_rewinddir,
2925 .mkdirat_fn = smb_full_audit_mkdirat,
2926 .closedir_fn = smb_full_audit_closedir,
2927 .openat_fn = smb_full_audit_openat,
2928 .create_file_fn = smb_full_audit_create_file,
2929 .close_fn = smb_full_audit_close,
2930 .pread_fn = smb_full_audit_pread,
2931 .pread_send_fn = smb_full_audit_pread_send,
2932 .pread_recv_fn = smb_full_audit_pread_recv,
2933 .pwrite_fn = smb_full_audit_pwrite,
2934 .pwrite_send_fn = smb_full_audit_pwrite_send,
2935 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2936 .lseek_fn = smb_full_audit_lseek,
2937 .sendfile_fn = smb_full_audit_sendfile,
2938 .recvfile_fn = smb_full_audit_recvfile,
2939 .renameat_fn = smb_full_audit_renameat,
2940 .fsync_send_fn = smb_full_audit_fsync_send,
2941 .fsync_recv_fn = smb_full_audit_fsync_recv,
2942 .stat_fn = smb_full_audit_stat,
2943 .fstat_fn = smb_full_audit_fstat,
2944 .lstat_fn = smb_full_audit_lstat,
2945 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2946 .unlinkat_fn = smb_full_audit_unlinkat,
2947 .fchmod_fn = smb_full_audit_fchmod,
2948 .fchown_fn = smb_full_audit_fchown,
2949 .lchown_fn = smb_full_audit_lchown,
2950 .chdir_fn = smb_full_audit_chdir,
2951 .getwd_fn = smb_full_audit_getwd,
2952 .ntimes_fn = smb_full_audit_ntimes,
2953 .ftruncate_fn = smb_full_audit_ftruncate,
2954 .fallocate_fn = smb_full_audit_fallocate,
2955 .lock_fn = smb_full_audit_lock,
2956 .kernel_flock_fn = smb_full_audit_kernel_flock,
2957 .fcntl_fn = smb_full_audit_fcntl,
2958 .linux_setlease_fn = smb_full_audit_linux_setlease,
2959 .getlock_fn = smb_full_audit_getlock,
2960 .symlinkat_fn = smb_full_audit_symlinkat,
2961 .readlinkat_fn = smb_full_audit_readlinkat,
2962 .linkat_fn = smb_full_audit_linkat,
2963 .mknodat_fn = smb_full_audit_mknodat,
2964 .realpath_fn = smb_full_audit_realpath,
2965 .chflags_fn = smb_full_audit_chflags,
2966 .file_id_create_fn = smb_full_audit_file_id_create,
2967 .fs_file_id_fn = smb_full_audit_fs_file_id,
2968 .offload_read_send_fn = smb_full_audit_offload_read_send,
2969 .offload_read_recv_fn = smb_full_audit_offload_read_recv,
2970 .offload_write_send_fn = smb_full_audit_offload_write_send,
2971 .offload_write_recv_fn = smb_full_audit_offload_write_recv,
2972 .fget_compression_fn = smb_full_audit_fget_compression,
2973 .set_compression_fn = smb_full_audit_set_compression,
2974 .snap_check_path_fn = smb_full_audit_snap_check_path,
2975 .snap_create_fn = smb_full_audit_snap_create,
2976 .snap_delete_fn = smb_full_audit_snap_delete,
2977 .streaminfo_fn = smb_full_audit_streaminfo,
2978 .get_real_filename_fn = smb_full_audit_get_real_filename,
2979 .connectpath_fn = smb_full_audit_connectpath,
2980 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2981 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2982 .strict_lock_check_fn = smb_full_audit_strict_lock_check,
2983 .translate_name_fn = smb_full_audit_translate_name,
2984 .fsctl_fn = smb_full_audit_fsctl,
2985 .get_dos_attributes_send_fn = smb_full_audit_get_dos_attributes_send,
2986 .get_dos_attributes_recv_fn = smb_full_audit_get_dos_attributes_recv,
2987 .fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
2988 .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes,
2989 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2990 .get_nt_acl_at_fn = smb_full_audit_get_nt_acl_at,
2991 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2992 .audit_file_fn = smb_full_audit_audit_file,
2993 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
2994 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2995 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
2996 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
2997 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2998 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
2999 .getxattr_fn = smb_full_audit_getxattr,
3000 .getxattrat_send_fn = smb_full_audit_getxattrat_send,
3001 .getxattrat_recv_fn = smb_full_audit_getxattrat_recv,
3002 .fgetxattr_fn = smb_full_audit_fgetxattr,
3003 .flistxattr_fn = smb_full_audit_flistxattr,
3004 .fremovexattr_fn = smb_full_audit_fremovexattr,
3005 .fsetxattr_fn = smb_full_audit_fsetxattr,
3006 .aio_force_fn = smb_full_audit_aio_force,
3007 .durable_cookie_fn = smb_full_audit_durable_cookie,
3008 .durable_disconnect_fn = smb_full_audit_durable_disconnect,
3009 .durable_reconnect_fn = smb_full_audit_durable_reconnect,
3010 .readdir_attr_fn = smb_full_audit_readdir_attr
3015 NTSTATUS vfs_full_audit_init(TALLOC_CTX *ctx)
3019 smb_vfs_assert_all_fns(&vfs_full_audit_fns, "full_audit");
3021 ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "full_audit",
3022 &vfs_full_audit_fns);
3024 if (!NT_STATUS_IS_OK(ret))
3027 vfs_full_audit_debug_level = debug_add_class("full_audit");
3028 if (vfs_full_audit_debug_level == -1) {
3029 vfs_full_audit_debug_level = DBGC_VFS;
3030 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
3033 DEBUG(10, ("vfs_full_audit: Debug class number of "
3034 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / samba.git / blob