2 * Auditing VFS module for samba. Log selected file operations to syslog
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
26 * This module implements parseable logging for all Samba VFS operations.
28 * You use it as follows:
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
49 * prefix: A macro expansion template prepended to the syslog entry.
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
61 #include "system/filesys.h"
62 #include "system/syslog.h"
63 #include "smbd/smbd.h"
64 #include "../librpc/gen_ndr/ndr_netlogon.h"
67 #include "lib/param/loadparm.h"
68 #include "lib/util/bitmap.h"
69 #include "lib/util/tevent_unix.h"
71 static int vfs_full_audit_debug_level = DBGC_VFS;
73 struct vfs_full_audit_private_data {
74 struct bitmap *success_ops;
75 struct bitmap *failure_ops;
79 #define DBGC_CLASS vfs_full_audit_debug_level
81 typedef enum _vfs_op_type {
86 SMB_VFS_OP_CONNECT = 0,
87 SMB_VFS_OP_DISCONNECT,
91 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
93 SMB_VFS_OP_FS_CAPABILITIES,
95 /* Directory operations */
102 SMB_VFS_OP_REWINDDIR,
106 SMB_VFS_OP_INIT_SEARCH_OP,
108 /* File operations */
111 SMB_VFS_OP_CREATE_FILE,
115 SMB_VFS_OP_PREAD_SEND,
116 SMB_VFS_OP_PREAD_RECV,
119 SMB_VFS_OP_PWRITE_SEND,
120 SMB_VFS_OP_PWRITE_RECV,
126 SMB_VFS_OP_FSYNC_SEND,
127 SMB_VFS_OP_FSYNC_RECV,
131 SMB_VFS_OP_GET_ALLOC_SIZE,
141 SMB_VFS_OP_FTRUNCATE,
142 SMB_VFS_OP_FALLOCATE,
144 SMB_VFS_OP_KERNEL_FLOCK,
145 SMB_VFS_OP_LINUX_SETLEASE,
152 SMB_VFS_OP_NOTIFY_WATCH,
154 SMB_VFS_OP_FILE_ID_CREATE,
155 SMB_VFS_OP_STREAMINFO,
156 SMB_VFS_OP_GET_REAL_FILENAME,
157 SMB_VFS_OP_CONNECTPATH,
158 SMB_VFS_OP_BRL_LOCK_WINDOWS,
159 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
160 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
161 SMB_VFS_OP_STRICT_LOCK,
162 SMB_VFS_OP_STRICT_UNLOCK,
163 SMB_VFS_OP_TRANSLATE_NAME,
165 /* NT ACL operations. */
167 SMB_VFS_OP_FGET_NT_ACL,
168 SMB_VFS_OP_GET_NT_ACL,
169 SMB_VFS_OP_FSET_NT_ACL,
171 /* POSIX ACL operations. */
173 SMB_VFS_OP_CHMOD_ACL,
174 SMB_VFS_OP_FCHMOD_ACL,
176 SMB_VFS_OP_SYS_ACL_GET_FILE,
177 SMB_VFS_OP_SYS_ACL_GET_FD,
178 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
179 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
180 SMB_VFS_OP_SYS_ACL_SET_FILE,
181 SMB_VFS_OP_SYS_ACL_SET_FD,
182 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
186 SMB_VFS_OP_FGETXATTR,
187 SMB_VFS_OP_LISTXATTR,
188 SMB_VFS_OP_FLISTXATTR,
189 SMB_VFS_OP_REMOVEXATTR,
190 SMB_VFS_OP_FREMOVEXATTR,
192 SMB_VFS_OP_FSETXATTR,
195 SMB_VFS_OP_AIO_FORCE,
197 /* offline operations */
198 SMB_VFS_OP_IS_OFFLINE,
199 SMB_VFS_OP_SET_OFFLINE,
201 /* This should always be last enum value */
206 /* The following array *must* be in the same order as defined in vfs.h */
212 { SMB_VFS_OP_CONNECT, "connect" },
213 { SMB_VFS_OP_DISCONNECT, "disconnect" },
214 { SMB_VFS_OP_DISK_FREE, "disk_free" },
215 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
216 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
217 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
218 { SMB_VFS_OP_STATVFS, "statvfs" },
219 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
220 { SMB_VFS_OP_OPENDIR, "opendir" },
221 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
222 { SMB_VFS_OP_READDIR, "readdir" },
223 { SMB_VFS_OP_SEEKDIR, "seekdir" },
224 { SMB_VFS_OP_TELLDIR, "telldir" },
225 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
226 { SMB_VFS_OP_MKDIR, "mkdir" },
227 { SMB_VFS_OP_RMDIR, "rmdir" },
228 { SMB_VFS_OP_CLOSEDIR, "closedir" },
229 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
230 { SMB_VFS_OP_OPEN, "open" },
231 { SMB_VFS_OP_CREATE_FILE, "create_file" },
232 { SMB_VFS_OP_CLOSE, "close" },
233 { SMB_VFS_OP_READ, "read" },
234 { SMB_VFS_OP_PREAD, "pread" },
235 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
236 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
237 { SMB_VFS_OP_WRITE, "write" },
238 { SMB_VFS_OP_PWRITE, "pwrite" },
239 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
240 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
241 { SMB_VFS_OP_LSEEK, "lseek" },
242 { SMB_VFS_OP_SENDFILE, "sendfile" },
243 { SMB_VFS_OP_RECVFILE, "recvfile" },
244 { SMB_VFS_OP_RENAME, "rename" },
245 { SMB_VFS_OP_FSYNC, "fsync" },
246 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
247 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
248 { SMB_VFS_OP_STAT, "stat" },
249 { SMB_VFS_OP_FSTAT, "fstat" },
250 { SMB_VFS_OP_LSTAT, "lstat" },
251 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
252 { SMB_VFS_OP_UNLINK, "unlink" },
253 { SMB_VFS_OP_CHMOD, "chmod" },
254 { SMB_VFS_OP_FCHMOD, "fchmod" },
255 { SMB_VFS_OP_CHOWN, "chown" },
256 { SMB_VFS_OP_FCHOWN, "fchown" },
257 { SMB_VFS_OP_LCHOWN, "lchown" },
258 { SMB_VFS_OP_CHDIR, "chdir" },
259 { SMB_VFS_OP_GETWD, "getwd" },
260 { SMB_VFS_OP_NTIMES, "ntimes" },
261 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
262 { SMB_VFS_OP_FALLOCATE,"fallocate" },
263 { SMB_VFS_OP_LOCK, "lock" },
264 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
265 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
266 { SMB_VFS_OP_GETLOCK, "getlock" },
267 { SMB_VFS_OP_SYMLINK, "symlink" },
268 { SMB_VFS_OP_READLINK, "readlink" },
269 { SMB_VFS_OP_LINK, "link" },
270 { SMB_VFS_OP_MKNOD, "mknod" },
271 { SMB_VFS_OP_REALPATH, "realpath" },
272 { SMB_VFS_OP_NOTIFY_WATCH, "notify_watch" },
273 { SMB_VFS_OP_CHFLAGS, "chflags" },
274 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
275 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
276 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
277 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
278 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
279 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
280 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
281 { SMB_VFS_OP_STRICT_LOCK, "strict_lock" },
282 { SMB_VFS_OP_STRICT_UNLOCK, "strict_unlock" },
283 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
284 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
285 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
286 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
287 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
288 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
289 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
290 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
291 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
292 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
293 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
294 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
295 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
296 { SMB_VFS_OP_GETXATTR, "getxattr" },
297 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
298 { SMB_VFS_OP_LISTXATTR, "listxattr" },
299 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
300 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
301 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
302 { SMB_VFS_OP_SETXATTR, "setxattr" },
303 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
304 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
305 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
306 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
307 { SMB_VFS_OP_LAST, NULL }
310 static int audit_syslog_facility(vfs_handle_struct *handle)
312 static const struct enum_list enum_log_facilities[] = {
313 { LOG_USER, "USER" },
314 { LOG_LOCAL0, "LOCAL0" },
315 { LOG_LOCAL1, "LOCAL1" },
316 { LOG_LOCAL2, "LOCAL2" },
317 { LOG_LOCAL3, "LOCAL3" },
318 { LOG_LOCAL4, "LOCAL4" },
319 { LOG_LOCAL5, "LOCAL5" },
320 { LOG_LOCAL6, "LOCAL6" },
321 { LOG_LOCAL7, "LOCAL7" },
327 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
332 static int audit_syslog_priority(vfs_handle_struct *handle)
334 static const struct enum_list enum_log_priorities[] = {
335 { LOG_EMERG, "EMERG" },
336 { LOG_ALERT, "ALERT" },
337 { LOG_CRIT, "CRIT" },
339 { LOG_WARNING, "WARNING" },
340 { LOG_NOTICE, "NOTICE" },
341 { LOG_INFO, "INFO" },
342 { LOG_DEBUG, "DEBUG" },
348 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
349 enum_log_priorities, LOG_NOTICE);
350 if (priority == -1) {
351 priority = LOG_WARNING;
357 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
362 prefix = talloc_strdup(ctx,
363 lp_parm_const_string(SNUM(conn), "full_audit",
368 result = talloc_sub_advanced(ctx,
369 lp_servicename(talloc_tos(), SNUM(conn)),
370 conn->session_info->unix_info->unix_name,
372 conn->session_info->unix_token->gid,
373 conn->session_info->unix_info->sanitized_username,
374 conn->session_info->info->domain_name,
380 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)
382 struct vfs_full_audit_private_data *pd = NULL;
384 SMB_VFS_HANDLE_GET_DATA(handle, pd,
385 struct vfs_full_audit_private_data,
388 if (pd->success_ops == NULL) {
392 return bitmap_query(pd->success_ops, op);
395 static bool log_failure(vfs_handle_struct *handle, vfs_op_type op)
397 struct vfs_full_audit_private_data *pd = NULL;
399 SMB_VFS_HANDLE_GET_DATA(handle, pd,
400 struct vfs_full_audit_private_data,
403 if (pd->failure_ops == NULL)
406 return bitmap_query(pd->failure_ops, op);
409 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
417 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
419 DEBUG(0, ("Could not alloc bitmap -- "
420 "defaulting to logging everything\n"));
424 for (; *ops != NULL; ops += 1) {
429 if (strequal(*ops, "all")) {
430 for (i=0; i<SMB_VFS_OP_LAST; i++) {
436 if (strequal(*ops, "none")) {
446 for (i=0; i<SMB_VFS_OP_LAST; i++) {
447 if (vfs_op_names[i].name == NULL) {
448 smb_panic("vfs_full_audit.c: name table not "
449 "in sync with vfs.h\n");
451 if (strequal(op, vfs_op_names[i].name)) {
460 if (i == SMB_VFS_OP_LAST) {
461 DEBUG(0, ("Could not find opname %s, logging all\n",
470 static const char *audit_opname(vfs_op_type op)
472 if (op >= SMB_VFS_OP_LAST)
473 return "INVALID VFS OP";
474 return vfs_op_names[op].name;
477 static TALLOC_CTX *tmp_do_log_ctx;
479 * Get us a temporary talloc context usable just for DEBUG arguments
481 static TALLOC_CTX *do_log_ctx(void)
483 if (tmp_do_log_ctx == NULL) {
484 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
486 return tmp_do_log_ctx;
489 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
490 const char *format, ...)
493 char *audit_pre = NULL;
498 if (success && (!log_success(handle, op)))
501 if (!success && (!log_failure(handle, op)))
505 fstrcpy(err_msg, "ok");
507 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
509 va_start(ap, format);
510 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
518 * Specify the facility to interoperate with other syslog callers
519 * (smbd for example).
521 priority = audit_syslog_priority(handle) |
522 audit_syslog_facility(handle);
524 audit_pre = audit_prefix(talloc_tos(), handle->conn);
525 syslog(priority, "%s|%s|%s|%s\n",
526 audit_pre ? audit_pre : "",
527 audit_opname(op), err_msg, op_msg);
530 TALLOC_FREE(audit_pre);
532 TALLOC_FREE(tmp_do_log_ctx);
536 * Return a string using the do_log_ctx()
538 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
543 if (smb_fname == NULL) {
546 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
547 if (!NT_STATUS_IS_OK(status)) {
554 * Return an fsp debug string using the do_log_ctx()
556 static const char *fsp_str_do_log(const struct files_struct *fsp)
558 return smb_fname_str_do_log(fsp->fsp_name);
561 /* Implementation of vfs_ops. Pass everything on to the default
562 operation but log event first. */
564 static int smb_full_audit_connect(vfs_handle_struct *handle,
565 const char *svc, const char *user)
568 struct vfs_full_audit_private_data *pd = NULL;
570 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
575 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
577 SMB_VFS_NEXT_DISCONNECT(handle);
582 openlog("smbd_audit", 0, audit_syslog_facility(handle));
585 pd->success_ops = init_bitmap(
586 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
588 pd->failure_ops = init_bitmap(
589 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
592 /* Store the private data. */
593 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
594 struct vfs_full_audit_private_data, return -1);
596 do_log(SMB_VFS_OP_CONNECT, True, handle,
602 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
604 SMB_VFS_NEXT_DISCONNECT(handle);
606 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
607 "%s", lp_servicename(talloc_tos(), SNUM(handle->conn)));
609 /* The bitmaps will be disconnected when the private
613 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
615 bool small_query, uint64_t *bsize,
616 uint64_t *dfree, uint64_t *dsize)
620 result = SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize,
623 /* Don't have a reasonable notion of failure here */
625 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
630 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
631 enum SMB_QUOTA_TYPE qtype, unid_t id,
636 result = SMB_VFS_NEXT_GET_QUOTA(handle, qtype, id, qt);
638 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
644 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
645 enum SMB_QUOTA_TYPE qtype, unid_t id,
650 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
652 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
657 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
658 struct files_struct *fsp,
659 struct shadow_copy_data *shadow_copy_data,
664 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
666 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
671 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
673 struct vfs_statvfs_struct *statbuf)
677 result = SMB_VFS_NEXT_STATVFS(handle, path, statbuf);
679 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
684 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
688 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
690 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
695 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
696 const char *fname, const char *mask, uint32 attr)
700 result = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
702 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
707 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
708 files_struct *fsp, const char *mask, uint32 attr)
712 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
714 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
715 fsp_str_do_log(fsp));
720 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
721 DIR *dirp, SMB_STRUCT_STAT *sbuf)
723 struct dirent *result;
725 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
727 /* This operation has no reasonable error condition
728 * (End of dir is also failure), so always succeed.
730 do_log(SMB_VFS_OP_READDIR, True, handle, "");
735 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
736 DIR *dirp, long offset)
738 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
740 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
743 static long smb_full_audit_telldir(vfs_handle_struct *handle,
748 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
750 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
755 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
758 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
760 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
763 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
764 const char *path, mode_t mode)
768 result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
770 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
775 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
780 result = SMB_VFS_NEXT_RMDIR(handle, path);
782 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
787 static int smb_full_audit_closedir(vfs_handle_struct *handle,
792 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
794 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
799 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
802 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
804 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
807 static int smb_full_audit_open(vfs_handle_struct *handle,
808 struct smb_filename *smb_fname,
809 files_struct *fsp, int flags, mode_t mode)
813 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
815 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
816 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
817 smb_fname_str_do_log(smb_fname));
822 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
823 struct smb_request *req,
824 uint16_t root_dir_fid,
825 struct smb_filename *smb_fname,
826 uint32_t access_mask,
827 uint32_t share_access,
828 uint32_t create_disposition,
829 uint32_t create_options,
830 uint32_t file_attributes,
831 uint32_t oplock_request,
832 uint64_t allocation_size,
833 uint32_t private_flags,
834 struct security_descriptor *sd,
835 struct ea_list *ea_list,
836 files_struct **result_fsp,
840 const char* str_create_disposition;
842 switch (create_disposition) {
844 str_create_disposition = "supersede";
846 case FILE_OVERWRITE_IF:
847 str_create_disposition = "overwrite_if";
850 str_create_disposition = "open";
853 str_create_disposition = "overwrite";
856 str_create_disposition = "create";
859 str_create_disposition = "open_if";
862 str_create_disposition = "unknown";
865 result = SMB_VFS_NEXT_CREATE_FILE(
868 root_dir_fid, /* root_dir_fid */
869 smb_fname, /* fname */
870 access_mask, /* access_mask */
871 share_access, /* share_access */
872 create_disposition, /* create_disposition*/
873 create_options, /* create_options */
874 file_attributes, /* file_attributes */
875 oplock_request, /* oplock_request */
876 allocation_size, /* allocation_size */
879 ea_list, /* ea_list */
880 result_fsp, /* result */
883 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
884 "0x%x|%s|%s|%s", access_mask,
885 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
886 str_create_disposition, smb_fname_str_do_log(smb_fname));
891 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
895 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
897 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
898 fsp_str_do_log(fsp));
903 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
904 void *data, size_t n)
908 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
910 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
911 fsp_str_do_log(fsp));
916 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
917 void *data, size_t n, off_t offset)
921 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
923 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
924 fsp_str_do_log(fsp));
929 struct smb_full_audit_pread_state {
930 vfs_handle_struct *handle;
936 static void smb_full_audit_pread_done(struct tevent_req *subreq);
938 static struct tevent_req *smb_full_audit_pread_send(
939 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
940 struct tevent_context *ev, struct files_struct *fsp,
941 void *data, size_t n, off_t offset)
943 struct tevent_req *req, *subreq;
944 struct smb_full_audit_pread_state *state;
946 req = tevent_req_create(mem_ctx, &state,
947 struct smb_full_audit_pread_state);
949 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
950 fsp_str_do_log(fsp));
953 state->handle = handle;
956 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
958 if (tevent_req_nomem(subreq, req)) {
959 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
960 fsp_str_do_log(fsp));
961 return tevent_req_post(req, ev);
963 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
965 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
969 static void smb_full_audit_pread_done(struct tevent_req *subreq)
971 struct tevent_req *req = tevent_req_callback_data(
972 subreq, struct tevent_req);
973 struct smb_full_audit_pread_state *state = tevent_req_data(
974 req, struct smb_full_audit_pread_state);
976 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->err);
978 tevent_req_done(req);
981 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req, int *err)
983 struct smb_full_audit_pread_state *state = tevent_req_data(
984 req, struct smb_full_audit_pread_state);
986 if (tevent_req_is_unix_error(req, err)) {
987 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
988 fsp_str_do_log(state->fsp));
992 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
993 fsp_str_do_log(state->fsp));
999 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1000 const void *data, size_t n)
1004 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1006 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
1007 fsp_str_do_log(fsp));
1012 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1013 const void *data, size_t n,
1018 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1020 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1021 fsp_str_do_log(fsp));
1026 struct smb_full_audit_pwrite_state {
1027 vfs_handle_struct *handle;
1033 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1035 static struct tevent_req *smb_full_audit_pwrite_send(
1036 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1037 struct tevent_context *ev, struct files_struct *fsp,
1038 const void *data, size_t n, off_t offset)
1040 struct tevent_req *req, *subreq;
1041 struct smb_full_audit_pwrite_state *state;
1043 req = tevent_req_create(mem_ctx, &state,
1044 struct smb_full_audit_pwrite_state);
1046 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1047 fsp_str_do_log(fsp));
1050 state->handle = handle;
1053 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1055 if (tevent_req_nomem(subreq, req)) {
1056 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1057 fsp_str_do_log(fsp));
1058 return tevent_req_post(req, ev);
1060 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1062 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1063 fsp_str_do_log(fsp));
1067 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1069 struct tevent_req *req = tevent_req_callback_data(
1070 subreq, struct tevent_req);
1071 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1072 req, struct smb_full_audit_pwrite_state);
1074 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->err);
1075 TALLOC_FREE(subreq);
1076 tevent_req_done(req);
1079 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req, int *err)
1081 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1082 req, struct smb_full_audit_pwrite_state);
1084 if (tevent_req_is_unix_error(req, err)) {
1085 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1086 fsp_str_do_log(state->fsp));
1090 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1091 fsp_str_do_log(state->fsp));
1097 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1098 off_t offset, int whence)
1102 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1104 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1105 "%s", fsp_str_do_log(fsp));
1110 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1111 files_struct *fromfsp,
1112 const DATA_BLOB *hdr, off_t offset,
1117 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1119 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1120 "%s", fsp_str_do_log(fromfsp));
1125 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1126 files_struct *tofsp,
1132 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1134 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1135 "%s", fsp_str_do_log(tofsp));
1140 static int smb_full_audit_rename(vfs_handle_struct *handle,
1141 const struct smb_filename *smb_fname_src,
1142 const struct smb_filename *smb_fname_dst)
1146 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1148 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1149 smb_fname_str_do_log(smb_fname_src),
1150 smb_fname_str_do_log(smb_fname_dst));
1155 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1159 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1161 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1162 fsp_str_do_log(fsp));
1167 struct smb_full_audit_fsync_state {
1168 vfs_handle_struct *handle;
1174 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1176 static struct tevent_req *smb_full_audit_fsync_send(
1177 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1178 struct tevent_context *ev, struct files_struct *fsp)
1180 struct tevent_req *req, *subreq;
1181 struct smb_full_audit_fsync_state *state;
1183 req = tevent_req_create(mem_ctx, &state,
1184 struct smb_full_audit_fsync_state);
1186 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1187 fsp_str_do_log(fsp));
1190 state->handle = handle;
1193 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1194 if (tevent_req_nomem(subreq, req)) {
1195 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1196 fsp_str_do_log(fsp));
1197 return tevent_req_post(req, ev);
1199 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1201 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1205 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1207 struct tevent_req *req = tevent_req_callback_data(
1208 subreq, struct tevent_req);
1209 struct smb_full_audit_fsync_state *state = tevent_req_data(
1210 req, struct smb_full_audit_fsync_state);
1212 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->err);
1213 TALLOC_FREE(subreq);
1214 tevent_req_done(req);
1217 static int smb_full_audit_fsync_recv(struct tevent_req *req, int *err)
1219 struct smb_full_audit_fsync_state *state = tevent_req_data(
1220 req, struct smb_full_audit_fsync_state);
1222 if (tevent_req_is_unix_error(req, err)) {
1223 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1224 fsp_str_do_log(state->fsp));
1228 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1229 fsp_str_do_log(state->fsp));
1235 static int smb_full_audit_stat(vfs_handle_struct *handle,
1236 struct smb_filename *smb_fname)
1240 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1242 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1243 smb_fname_str_do_log(smb_fname));
1248 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1249 SMB_STRUCT_STAT *sbuf)
1253 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1255 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1256 fsp_str_do_log(fsp));
1261 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1262 struct smb_filename *smb_fname)
1266 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1268 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1269 smb_fname_str_do_log(smb_fname));
1274 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1275 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1279 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1281 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1287 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1288 const struct smb_filename *smb_fname)
1292 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1294 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1295 smb_fname_str_do_log(smb_fname));
1300 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1301 const char *path, mode_t mode)
1305 result = SMB_VFS_NEXT_CHMOD(handle, path, mode);
1307 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1312 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1317 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1319 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1320 "%s|%o", fsp_str_do_log(fsp), mode);
1325 static int smb_full_audit_chown(vfs_handle_struct *handle,
1326 const char *path, uid_t uid, gid_t gid)
1330 result = SMB_VFS_NEXT_CHOWN(handle, path, uid, gid);
1332 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1333 path, (long int)uid, (long int)gid);
1338 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1339 uid_t uid, gid_t gid)
1343 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1345 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1346 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1351 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1352 const char *path, uid_t uid, gid_t gid)
1356 result = SMB_VFS_NEXT_LCHOWN(handle, path, uid, gid);
1358 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1359 path, (long int)uid, (long int)gid);
1364 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1369 result = SMB_VFS_NEXT_CHDIR(handle, path);
1371 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1376 static char *smb_full_audit_getwd(vfs_handle_struct *handle)
1380 result = SMB_VFS_NEXT_GETWD(handle);
1382 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1383 result == NULL? "" : result);
1388 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1389 const struct smb_filename *smb_fname,
1390 struct smb_file_time *ft)
1394 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1396 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1397 smb_fname_str_do_log(smb_fname));
1402 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1407 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1409 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1410 "%s", fsp_str_do_log(fsp));
1415 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1416 enum vfs_fallocate_mode mode,
1422 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1424 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1425 "%s", fsp_str_do_log(fsp));
1430 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1431 int op, off_t offset, off_t count, int type)
1435 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1437 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1442 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1443 struct files_struct *fsp,
1444 uint32 share_mode, uint32 access_mask)
1448 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1450 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1451 fsp_str_do_log(fsp));
1456 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1461 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1463 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1464 fsp_str_do_log(fsp));
1469 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1470 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1474 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1476 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1481 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1482 const char *oldpath, const char *newpath)
1486 result = SMB_VFS_NEXT_SYMLINK(handle, oldpath, newpath);
1488 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1489 "%s|%s", oldpath, newpath);
1494 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1495 const char *path, char *buf, size_t bufsiz)
1499 result = SMB_VFS_NEXT_READLINK(handle, path, buf, bufsiz);
1501 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1506 static int smb_full_audit_link(vfs_handle_struct *handle,
1507 const char *oldpath, const char *newpath)
1511 result = SMB_VFS_NEXT_LINK(handle, oldpath, newpath);
1513 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1514 "%s|%s", oldpath, newpath);
1519 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1520 const char *pathname, mode_t mode, SMB_DEV_T dev)
1524 result = SMB_VFS_NEXT_MKNOD(handle, pathname, mode, dev);
1526 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1531 static char *smb_full_audit_realpath(vfs_handle_struct *handle,
1536 result = SMB_VFS_NEXT_REALPATH(handle, path);
1538 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1543 static NTSTATUS smb_full_audit_notify_watch(struct vfs_handle_struct *handle,
1544 struct sys_notify_context *ctx,
1547 uint32_t *subdir_filter,
1548 void (*callback)(struct sys_notify_context *ctx,
1550 struct notify_event *ev),
1551 void *private_data, void *handle_p)
1555 result = SMB_VFS_NEXT_NOTIFY_WATCH(handle, ctx, path,
1556 filter, subdir_filter, callback,
1557 private_data, handle_p);
1559 do_log(SMB_VFS_OP_NOTIFY_WATCH, NT_STATUS_IS_OK(result), handle, "");
1564 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1565 const char *path, unsigned int flags)
1569 result = SMB_VFS_NEXT_CHFLAGS(handle, path, flags);
1571 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s", path);
1576 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1577 const SMB_STRUCT_STAT *sbuf)
1579 struct file_id id_zero;
1580 struct file_id result;
1582 ZERO_STRUCT(id_zero);
1584 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1586 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1587 !file_id_equal(&id_zero, &result),
1588 handle, "%s", file_id_string_tos(&result));
1593 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1594 struct files_struct *fsp,
1596 TALLOC_CTX *mem_ctx,
1597 unsigned int *pnum_streams,
1598 struct stream_struct **pstreams)
1602 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx,
1603 pnum_streams, pstreams);
1605 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1611 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1614 TALLOC_CTX *mem_ctx,
1619 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1622 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1623 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1628 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1633 result = SMB_VFS_NEXT_CONNECTPATH(handle, fname);
1635 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1641 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1642 struct byte_range_lock *br_lck,
1643 struct lock_struct *plock,
1645 struct blocking_lock_record *blr)
1649 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1650 blocking_lock, blr);
1652 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1653 "%s:%llu-%llu. type=%d. blocking=%d", fsp_str_do_log(br_lck->fsp),
1654 plock->start, plock->size, plock->lock_type, blocking_lock);
1659 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1660 struct messaging_context *msg_ctx,
1661 struct byte_range_lock *br_lck,
1662 const struct lock_struct *plock)
1666 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1669 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1670 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1671 plock->size, plock->lock_type);
1676 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1677 struct byte_range_lock *br_lck,
1678 struct lock_struct *plock,
1679 struct blocking_lock_record *blr)
1683 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock, blr);
1685 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1686 "%s:%llu-%llu:%d", fsp_str_do_log(br_lck->fsp), plock->start,
1687 plock->size, plock->lock_type);
1692 static bool smb_full_audit_strict_lock(struct vfs_handle_struct *handle,
1693 struct files_struct *fsp,
1694 struct lock_struct *plock)
1698 result = SMB_VFS_NEXT_STRICT_LOCK(handle, fsp, plock);
1700 do_log(SMB_VFS_OP_STRICT_LOCK, result, handle,
1701 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1702 plock->size, plock->lock_type);
1707 static void smb_full_audit_strict_unlock(struct vfs_handle_struct *handle,
1708 struct files_struct *fsp,
1709 struct lock_struct *plock)
1711 SMB_VFS_NEXT_STRICT_UNLOCK(handle, fsp, plock);
1713 do_log(SMB_VFS_OP_STRICT_UNLOCK, true, handle,
1714 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1715 plock->size, plock->lock_type);
1718 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
1720 enum vfs_translate_direction direction,
1721 TALLOC_CTX *mem_ctx,
1726 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
1729 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
1734 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1735 uint32 security_info,
1736 struct security_descriptor **ppdesc)
1740 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
1742 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1743 "%s", fsp_str_do_log(fsp));
1748 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
1750 uint32 security_info,
1751 struct security_descriptor **ppdesc)
1755 result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
1757 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
1763 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1764 uint32 security_info_sent,
1765 const struct security_descriptor *psd)
1769 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
1771 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s",
1772 fsp_str_do_log(fsp));
1777 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
1778 const char *path, mode_t mode)
1782 result = SMB_VFS_NEXT_CHMOD_ACL(handle, path, mode);
1784 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1785 "%s|%o", path, mode);
1790 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1795 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
1797 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1798 "%s|%o", fsp_str_do_log(fsp), mode);
1803 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1805 SMB_ACL_TYPE_T type)
1809 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
1811 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1817 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1822 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
1824 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1825 "%s", fsp_str_do_log(fsp));
1830 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
1832 SMB_ACL_TYPE_T type,
1833 TALLOC_CTX *mem_ctx,
1834 char **blob_description,
1839 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
1841 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
1847 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1849 TALLOC_CTX *mem_ctx,
1850 char **blob_description,
1855 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
1857 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
1858 "%s", fsp_str_do_log(fsp));
1863 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1865 const char *name, SMB_ACL_TYPE_T acltype,
1870 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype,
1873 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1879 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1884 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1886 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1887 "%s", fsp_str_do_log(fsp));
1892 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1898 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1900 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1906 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1908 const char *name, void *value, size_t size)
1912 result = SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
1914 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1915 "%s|%s", path, name);
1920 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1921 struct files_struct *fsp,
1922 const char *name, void *value, size_t size)
1926 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
1928 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1929 "%s|%s", fsp_str_do_log(fsp), name);
1934 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1935 const char *path, char *list, size_t size)
1939 result = SMB_VFS_NEXT_LISTXATTR(handle, path, list, size);
1941 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1946 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1947 struct files_struct *fsp, char *list,
1952 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
1954 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1955 "%s", fsp_str_do_log(fsp));
1960 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1966 result = SMB_VFS_NEXT_REMOVEXATTR(handle, path, name);
1968 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1969 "%s|%s", path, name);
1974 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
1975 struct files_struct *fsp,
1980 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
1982 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1983 "%s|%s", fsp_str_do_log(fsp), name);
1988 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
1990 const char *name, const void *value, size_t size,
1995 result = SMB_VFS_NEXT_SETXATTR(handle, path, name, value, size,
1998 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
1999 "%s|%s", path, name);
2004 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2005 struct files_struct *fsp, const char *name,
2006 const void *value, size_t size, int flags)
2010 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2012 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2013 "%s|%s", fsp_str_do_log(fsp), name);
2018 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2019 struct files_struct *fsp)
2023 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2024 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2025 "%s", fsp_str_do_log(fsp));
2030 static bool smb_full_audit_is_offline(struct vfs_handle_struct *handle,
2031 const struct smb_filename *fname,
2032 SMB_STRUCT_STAT *sbuf)
2036 result = SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
2037 do_log(SMB_VFS_OP_IS_OFFLINE, result, handle, "%s",
2038 smb_fname_str_do_log(fname));
2042 static int smb_full_audit_set_offline(struct vfs_handle_struct *handle,
2043 const struct smb_filename *fname)
2047 result = SMB_VFS_NEXT_SET_OFFLINE(handle, fname);
2048 do_log(SMB_VFS_OP_SET_OFFLINE, result >= 0, handle, "%s",
2049 smb_fname_str_do_log(fname));
2053 static struct vfs_fn_pointers vfs_full_audit_fns = {
2055 /* Disk operations */
2057 .connect_fn = smb_full_audit_connect,
2058 .disconnect_fn = smb_full_audit_disconnect,
2059 .disk_free_fn = smb_full_audit_disk_free,
2060 .get_quota_fn = smb_full_audit_get_quota,
2061 .set_quota_fn = smb_full_audit_set_quota,
2062 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2063 .statvfs_fn = smb_full_audit_statvfs,
2064 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2065 .opendir_fn = smb_full_audit_opendir,
2066 .fdopendir_fn = smb_full_audit_fdopendir,
2067 .readdir_fn = smb_full_audit_readdir,
2068 .seekdir_fn = smb_full_audit_seekdir,
2069 .telldir_fn = smb_full_audit_telldir,
2070 .rewind_dir_fn = smb_full_audit_rewinddir,
2071 .mkdir_fn = smb_full_audit_mkdir,
2072 .rmdir_fn = smb_full_audit_rmdir,
2073 .closedir_fn = smb_full_audit_closedir,
2074 .init_search_op_fn = smb_full_audit_init_search_op,
2075 .open_fn = smb_full_audit_open,
2076 .create_file_fn = smb_full_audit_create_file,
2077 .close_fn = smb_full_audit_close,
2078 .read_fn = smb_full_audit_read,
2079 .pread_fn = smb_full_audit_pread,
2080 .pread_send_fn = smb_full_audit_pread_send,
2081 .pread_recv_fn = smb_full_audit_pread_recv,
2082 .write_fn = smb_full_audit_write,
2083 .pwrite_fn = smb_full_audit_pwrite,
2084 .pwrite_send_fn = smb_full_audit_pwrite_send,
2085 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2086 .lseek_fn = smb_full_audit_lseek,
2087 .sendfile_fn = smb_full_audit_sendfile,
2088 .recvfile_fn = smb_full_audit_recvfile,
2089 .rename_fn = smb_full_audit_rename,
2090 .fsync_fn = smb_full_audit_fsync,
2091 .fsync_send_fn = smb_full_audit_fsync_send,
2092 .fsync_recv_fn = smb_full_audit_fsync_recv,
2093 .stat_fn = smb_full_audit_stat,
2094 .fstat_fn = smb_full_audit_fstat,
2095 .lstat_fn = smb_full_audit_lstat,
2096 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2097 .unlink_fn = smb_full_audit_unlink,
2098 .chmod_fn = smb_full_audit_chmod,
2099 .fchmod_fn = smb_full_audit_fchmod,
2100 .chown_fn = smb_full_audit_chown,
2101 .fchown_fn = smb_full_audit_fchown,
2102 .lchown_fn = smb_full_audit_lchown,
2103 .chdir_fn = smb_full_audit_chdir,
2104 .getwd_fn = smb_full_audit_getwd,
2105 .ntimes_fn = smb_full_audit_ntimes,
2106 .ftruncate_fn = smb_full_audit_ftruncate,
2107 .fallocate_fn = smb_full_audit_fallocate,
2108 .lock_fn = smb_full_audit_lock,
2109 .kernel_flock_fn = smb_full_audit_kernel_flock,
2110 .linux_setlease_fn = smb_full_audit_linux_setlease,
2111 .getlock_fn = smb_full_audit_getlock,
2112 .symlink_fn = smb_full_audit_symlink,
2113 .readlink_fn = smb_full_audit_readlink,
2114 .link_fn = smb_full_audit_link,
2115 .mknod_fn = smb_full_audit_mknod,
2116 .realpath_fn = smb_full_audit_realpath,
2117 .notify_watch_fn = smb_full_audit_notify_watch,
2118 .chflags_fn = smb_full_audit_chflags,
2119 .file_id_create_fn = smb_full_audit_file_id_create,
2120 .streaminfo_fn = smb_full_audit_streaminfo,
2121 .get_real_filename_fn = smb_full_audit_get_real_filename,
2122 .connectpath_fn = smb_full_audit_connectpath,
2123 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2124 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2125 .brl_cancel_windows_fn = smb_full_audit_brl_cancel_windows,
2126 .strict_lock_fn = smb_full_audit_strict_lock,
2127 .strict_unlock_fn = smb_full_audit_strict_unlock,
2128 .translate_name_fn = smb_full_audit_translate_name,
2129 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2130 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
2131 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2132 .chmod_acl_fn = smb_full_audit_chmod_acl,
2133 .fchmod_acl_fn = smb_full_audit_fchmod_acl,
2134 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
2135 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2136 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
2137 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
2138 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
2139 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2140 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
2141 .getxattr_fn = smb_full_audit_getxattr,
2142 .fgetxattr_fn = smb_full_audit_fgetxattr,
2143 .listxattr_fn = smb_full_audit_listxattr,
2144 .flistxattr_fn = smb_full_audit_flistxattr,
2145 .removexattr_fn = smb_full_audit_removexattr,
2146 .fremovexattr_fn = smb_full_audit_fremovexattr,
2147 .setxattr_fn = smb_full_audit_setxattr,
2148 .fsetxattr_fn = smb_full_audit_fsetxattr,
2149 .aio_force_fn = smb_full_audit_aio_force,
2150 .is_offline_fn = smb_full_audit_is_offline,
2151 .set_offline_fn = smb_full_audit_set_offline,
2154 NTSTATUS vfs_full_audit_init(void)
2156 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
2157 "full_audit", &vfs_full_audit_fns);
2159 if (!NT_STATUS_IS_OK(ret))
2162 vfs_full_audit_debug_level = debug_add_class("full_audit");
2163 if (vfs_full_audit_debug_level == -1) {
2164 vfs_full_audit_debug_level = DBGC_VFS;
2165 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2168 DEBUG(10, ("vfs_full_audit: Debug class number of "
2169 "'full_audit': %d\n", vfs_full_audit_debug_level));
git.samba.org / obnox / samba / samba-obnox.git / blob