search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r10400: commit merge patch from jra
[Samba.git] / source / modules / vfs_full_audit.c
blob175dda7a69e794254236c2587acd366c1988e1a4
1 /*
2 * Auditing VFS module for samba. Log selected file operations to syslog
3 * facility.
4 *
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 */
25
26 /*
27 * This module implements parseable logging for all Samba VFS operations.
28 *
29 * You use it as follows:
30 *
31 * [tmp]
32 * path = /tmp
33 * vfs objects = full_audit
34 * full_audit:prefix = %u|%I
35 * full_audit:success = open opendir
36 * full_audit:failure = all
37 *
38 * This leads to syslog entries of the form:
39 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
40 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
41 *
42 * where "nobody" is the connected username and "192.168.234.1" is the
43 * client's IP address.
44 *
45 * Options:
46 *
47 * prefix: A macro expansion template prepended to the syslog entry.
48 *
49 * success: A list of VFS operations for which a successful completion should
50 * be logged. Defaults to no logging at all. The special operation "all" logs
51 * - you guessed it - everything.
52 *
53 * failure: A list of VFS operations for which failure to complete should be
54 * logged. Defaults to logging everything.
55 */
56
57
58 #include "includes.h"
59
60 extern struct current_user current_user;
61
62 static int vfs_full_audit_debug_level = DBGC_VFS;
63
64 #undef DBGC_CLASS
65 #define DBGC_CLASS vfs_full_audit_debug_level
66
67 /* Function prototypes */
68
69 static int smb_full_audit_connect(vfs_handle_struct *handle, connection_struct *conn,
70 const char *svc, const char *user);
71 static void smb_full_audit_disconnect(vfs_handle_struct *handle,
72 connection_struct *conn);
73 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
74 connection_struct *conn, const char *path,
75 BOOL small_query, SMB_BIG_UINT *bsize,
76 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
77 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
78 struct connection_struct *conn,
79 enum SMB_QUOTA_TYPE qtype, unid_t id,
80 SMB_DISK_QUOTA *qt);
81 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
82 struct connection_struct *conn,
83 enum SMB_QUOTA_TYPE qtype, unid_t id,
84 SMB_DISK_QUOTA *qt);
85 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
86 struct files_struct *fsp,
87 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels);
88
89 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
90 const char *fname, const char *mask, uint32 attr);
91 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
92 connection_struct *conn, SMB_STRUCT_DIR *dirp);
93 static void smb_full_audit_seekdir(vfs_handle_struct *handle, connection_struct *conn,
94 SMB_STRUCT_DIR *dirp, long offset);
95 static long smb_full_audit_telldir(vfs_handle_struct *handle, connection_struct *conn,
96 SMB_STRUCT_DIR *dirp);
97 static void smb_full_audit_rewinddir(vfs_handle_struct *handle, connection_struct *conn,
98 SMB_STRUCT_DIR *dirp);
99 static int smb_full_audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
100 const char *path, mode_t mode);
101 static int smb_full_audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
102 const char *path);
103 static int smb_full_audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
104 SMB_STRUCT_DIR *dirp);
105 static int smb_full_audit_open(vfs_handle_struct *handle, connection_struct *conn,
106 const char *fname, int flags, mode_t mode);
107 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd);
108 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
109 int fd, void *data, size_t n);
110 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
111 int fd, void *data, size_t n, SMB_OFF_T offset);
112 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
113 int fd, const void *data, size_t n);
114 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
115 int fd, const void *data, size_t n,
116 SMB_OFF_T offset);
117 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
118 int filedes, SMB_OFF_T offset, int whence);
119 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
120 files_struct *fsp, int fromfd,
121 const DATA_BLOB *hdr, SMB_OFF_T offset,
122 size_t n);
123 static int smb_full_audit_rename(vfs_handle_struct *handle, connection_struct *conn,
124 const char *oldname, const char *newname);
125 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd);
126 static int smb_full_audit_stat(vfs_handle_struct *handle, connection_struct *conn,
127 const char *fname, SMB_STRUCT_STAT *sbuf);
128 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
129 SMB_STRUCT_STAT *sbuf);
130 static int smb_full_audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
131 const char *path, SMB_STRUCT_STAT *sbuf);
132 static int smb_full_audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
133 const char *path);
134 static int smb_full_audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
135 const char *path, mode_t mode);
136 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
137 mode_t mode);
138 static int smb_full_audit_chown(vfs_handle_struct *handle, connection_struct *conn,
139 const char *path, uid_t uid, gid_t gid);
140 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
141 uid_t uid, gid_t gid);
142 static int smb_full_audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
143 const char *path);
144 static char *smb_full_audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
145 char *path);
146 static int smb_full_audit_utime(vfs_handle_struct *handle, connection_struct *conn,
147 const char *path, struct utimbuf *times);
148 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
149 int fd, SMB_OFF_T len);
150 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
151 int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
152 static int smb_full_audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
153 const char *oldpath, const char *newpath);
154 static int smb_full_audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
155 const char *path, char *buf, size_t bufsiz);
156 static int smb_full_audit_link(vfs_handle_struct *handle, connection_struct *conn,
157 const char *oldpath, const char *newpath);
158 static int smb_full_audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
159 const char *pathname, mode_t mode, SMB_DEV_T dev);
160 static char *smb_full_audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
161 const char *path, char *resolved_path);
162 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
163 int fd, uint32 security_info,
164 SEC_DESC **ppdesc);
165 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
166 const char *name, uint32 security_info,
167 SEC_DESC **ppdesc);
168 static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
169 int fd, uint32 security_info_sent,
170 SEC_DESC *psd);
171 static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
172 const char *name, uint32 security_info_sent,
173 SEC_DESC *psd);
174 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
175 const char *path, mode_t mode);
176 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
177 int fd, mode_t mode);
178 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
179 connection_struct *conn,
180 SMB_ACL_T theacl, int entry_id,
181 SMB_ACL_ENTRY_T *entry_p);
182 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
183 connection_struct *conn,
184 SMB_ACL_ENTRY_T entry_d,
185 SMB_ACL_TAG_T *tag_type_p);
186 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
187 connection_struct *conn,
188 SMB_ACL_ENTRY_T entry_d,
189 SMB_ACL_PERMSET_T *permset_p);
190 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
191 connection_struct *conn,
192 SMB_ACL_ENTRY_T entry_d);
193 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
194 connection_struct *conn,
195 const char *path_p,
196 SMB_ACL_TYPE_T type);
197 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
198 files_struct *fsp,
199 int fd);
200 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
201 connection_struct *conn,
202 SMB_ACL_PERMSET_T permset);
203 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
204 connection_struct *conn,
205 SMB_ACL_PERMSET_T permset,
206 SMB_ACL_PERM_T perm);
207 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
208 connection_struct *conn, SMB_ACL_T theacl,
209 ssize_t *plen);
210 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
211 connection_struct *conn,
212 int count);
213 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
214 connection_struct *conn, SMB_ACL_T *pacl,
215 SMB_ACL_ENTRY_T *pentry);
216 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
217 connection_struct *conn,
218 SMB_ACL_ENTRY_T entry,
219 SMB_ACL_TAG_T tagtype);
220 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
221 connection_struct *conn,
222 SMB_ACL_ENTRY_T entry,
223 void *qual);
224 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
225 connection_struct *conn,
226 SMB_ACL_ENTRY_T entry,
227 SMB_ACL_PERMSET_T permset);
228 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
229 connection_struct *conn,
230 SMB_ACL_T theacl );
231 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
232 connection_struct *conn,
233 const char *name, SMB_ACL_TYPE_T acltype,
234 SMB_ACL_T theacl);
235 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
236 int fd, SMB_ACL_T theacl);
237 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
238 connection_struct *conn,
239 const char *path);
240 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
241 connection_struct *conn,
242 SMB_ACL_PERMSET_T permset,
243 SMB_ACL_PERM_T perm);
244 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
245 connection_struct *conn,
246 char *text);
247 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
248 connection_struct *conn,
249 SMB_ACL_T posix_acl);
250 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
251 connection_struct *conn,
252 void *qualifier,
253 SMB_ACL_TAG_T tagtype);
254 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
255 struct connection_struct *conn, const char *path,
256 const char *name, void *value, size_t size);
257 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
258 struct connection_struct *conn,
259 const char *path, const char *name,
260 void *value, size_t size);
261 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
262 struct files_struct *fsp, int fd,
263 const char *name, void *value, size_t size);
264 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
265 struct connection_struct *conn,
266 const char *path, char *list, size_t size);
267 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
268 struct connection_struct *conn,
269 const char *path, char *list, size_t size);
270 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
271 struct files_struct *fsp, int fd, char *list,
272 size_t size);
273 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
274 struct connection_struct *conn, const char *path,
275 const char *name);
276 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
277 struct connection_struct *conn, const char *path,
278 const char *name);
279 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
280 struct files_struct *fsp, int fd,
281 const char *name);
282 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
283 struct connection_struct *conn, const char *path,
284 const char *name, const void *value, size_t size,
285 int flags);
286 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
287 struct connection_struct *conn, const char *path,
288 const char *name, const void *value, size_t size,
289 int flags);
290 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
291 struct files_struct *fsp, int fd, const char *name,
292 const void *value, size_t size, int flags);
293
294 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
295 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
296 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
297 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb);
298 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
299 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
300 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts);
301
302 /* VFS operations */
303
304 static vfs_op_tuple audit_op_tuples[] = {
305
306 /* Disk operations */
307
308 {SMB_VFS_OP(smb_full_audit_connect), SMB_VFS_OP_CONNECT,
309 SMB_VFS_LAYER_LOGGER},
310 {SMB_VFS_OP(smb_full_audit_disconnect), SMB_VFS_OP_DISCONNECT,
311 SMB_VFS_LAYER_LOGGER},
312 {SMB_VFS_OP(smb_full_audit_disk_free), SMB_VFS_OP_DISK_FREE,
313 SMB_VFS_LAYER_LOGGER},
314 {SMB_VFS_OP(smb_full_audit_get_quota), SMB_VFS_OP_GET_QUOTA,
315 SMB_VFS_LAYER_LOGGER},
316 {SMB_VFS_OP(smb_full_audit_set_quota), SMB_VFS_OP_SET_QUOTA,
317 SMB_VFS_LAYER_LOGGER},
318 {SMB_VFS_OP(smb_full_audit_get_shadow_copy_data), SMB_VFS_OP_GET_SHADOW_COPY_DATA,
319 SMB_VFS_LAYER_LOGGER},
320
321 /* Directory operations */
322
323 {SMB_VFS_OP(smb_full_audit_opendir), SMB_VFS_OP_OPENDIR,
324 SMB_VFS_LAYER_LOGGER},
325 {SMB_VFS_OP(smb_full_audit_readdir), SMB_VFS_OP_READDIR,
326 SMB_VFS_LAYER_LOGGER},
327 {SMB_VFS_OP(smb_full_audit_seekdir), SMB_VFS_OP_SEEKDIR,
328 SMB_VFS_LAYER_LOGGER},
329 {SMB_VFS_OP(smb_full_audit_telldir), SMB_VFS_OP_TELLDIR,
330 SMB_VFS_LAYER_LOGGER},
331 {SMB_VFS_OP(smb_full_audit_rewinddir), SMB_VFS_OP_REWINDDIR,
332 SMB_VFS_LAYER_LOGGER},
333 {SMB_VFS_OP(smb_full_audit_mkdir), SMB_VFS_OP_MKDIR,
334 SMB_VFS_LAYER_LOGGER},
335 {SMB_VFS_OP(smb_full_audit_rmdir), SMB_VFS_OP_RMDIR,
336 SMB_VFS_LAYER_LOGGER},
337 {SMB_VFS_OP(smb_full_audit_closedir), SMB_VFS_OP_CLOSEDIR,
338 SMB_VFS_LAYER_LOGGER},
339
340 /* File operations */
341
342 {SMB_VFS_OP(smb_full_audit_open), SMB_VFS_OP_OPEN,
343 SMB_VFS_LAYER_LOGGER},
344 {SMB_VFS_OP(smb_full_audit_close), SMB_VFS_OP_CLOSE,
345 SMB_VFS_LAYER_LOGGER},
346 {SMB_VFS_OP(smb_full_audit_read), SMB_VFS_OP_READ,
347 SMB_VFS_LAYER_LOGGER},
348 {SMB_VFS_OP(smb_full_audit_pread), SMB_VFS_OP_PREAD,
349 SMB_VFS_LAYER_LOGGER},
350 {SMB_VFS_OP(smb_full_audit_write), SMB_VFS_OP_WRITE,
351 SMB_VFS_LAYER_LOGGER},
352 {SMB_VFS_OP(smb_full_audit_pwrite), SMB_VFS_OP_PWRITE,
353 SMB_VFS_LAYER_LOGGER},
354 {SMB_VFS_OP(smb_full_audit_lseek), SMB_VFS_OP_LSEEK,
355 SMB_VFS_LAYER_LOGGER},
356 {SMB_VFS_OP(smb_full_audit_sendfile), SMB_VFS_OP_SENDFILE,
357 SMB_VFS_LAYER_LOGGER},
358 {SMB_VFS_OP(smb_full_audit_rename), SMB_VFS_OP_RENAME,
359 SMB_VFS_LAYER_LOGGER},
360 {SMB_VFS_OP(smb_full_audit_fsync), SMB_VFS_OP_FSYNC,
361 SMB_VFS_LAYER_LOGGER},
362 {SMB_VFS_OP(smb_full_audit_stat), SMB_VFS_OP_STAT,
363 SMB_VFS_LAYER_LOGGER},
364 {SMB_VFS_OP(smb_full_audit_fstat), SMB_VFS_OP_FSTAT,
365 SMB_VFS_LAYER_LOGGER},
366 {SMB_VFS_OP(smb_full_audit_lstat), SMB_VFS_OP_LSTAT,
367 SMB_VFS_LAYER_LOGGER},
368 {SMB_VFS_OP(smb_full_audit_unlink), SMB_VFS_OP_UNLINK,
369 SMB_VFS_LAYER_LOGGER},
370 {SMB_VFS_OP(smb_full_audit_chmod), SMB_VFS_OP_CHMOD,
371 SMB_VFS_LAYER_LOGGER},
372 {SMB_VFS_OP(smb_full_audit_fchmod), SMB_VFS_OP_FCHMOD,
373 SMB_VFS_LAYER_LOGGER},
374 {SMB_VFS_OP(smb_full_audit_chown), SMB_VFS_OP_CHOWN,
375 SMB_VFS_LAYER_LOGGER},
376 {SMB_VFS_OP(smb_full_audit_fchown), SMB_VFS_OP_FCHOWN,
377 SMB_VFS_LAYER_LOGGER},
378 {SMB_VFS_OP(smb_full_audit_chdir), SMB_VFS_OP_CHDIR,
379 SMB_VFS_LAYER_LOGGER},
380 {SMB_VFS_OP(smb_full_audit_getwd), SMB_VFS_OP_GETWD,
381 SMB_VFS_LAYER_LOGGER},
382 {SMB_VFS_OP(smb_full_audit_utime), SMB_VFS_OP_UTIME,
383 SMB_VFS_LAYER_LOGGER},
384 {SMB_VFS_OP(smb_full_audit_ftruncate), SMB_VFS_OP_FTRUNCATE,
385 SMB_VFS_LAYER_LOGGER},
386 {SMB_VFS_OP(smb_full_audit_lock), SMB_VFS_OP_LOCK,
387 SMB_VFS_LAYER_LOGGER},
388 {SMB_VFS_OP(smb_full_audit_symlink), SMB_VFS_OP_SYMLINK,
389 SMB_VFS_LAYER_LOGGER},
390 {SMB_VFS_OP(smb_full_audit_readlink), SMB_VFS_OP_READLINK,
391 SMB_VFS_LAYER_LOGGER},
392 {SMB_VFS_OP(smb_full_audit_link), SMB_VFS_OP_LINK,
393 SMB_VFS_LAYER_LOGGER},
394 {SMB_VFS_OP(smb_full_audit_mknod), SMB_VFS_OP_MKNOD,
395 SMB_VFS_LAYER_LOGGER},
396 {SMB_VFS_OP(smb_full_audit_realpath), SMB_VFS_OP_REALPATH,
397 SMB_VFS_LAYER_LOGGER},
398
399 /* NT ACL operations. */
400
401 {SMB_VFS_OP(smb_full_audit_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
402 SMB_VFS_LAYER_LOGGER},
403 {SMB_VFS_OP(smb_full_audit_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
404 SMB_VFS_LAYER_LOGGER},
405 {SMB_VFS_OP(smb_full_audit_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
406 SMB_VFS_LAYER_LOGGER},
407 {SMB_VFS_OP(smb_full_audit_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
408 SMB_VFS_LAYER_LOGGER},
409
410 /* POSIX ACL operations. */
411
412 {SMB_VFS_OP(smb_full_audit_chmod_acl), SMB_VFS_OP_CHMOD_ACL,
413 SMB_VFS_LAYER_LOGGER},
414 {SMB_VFS_OP(smb_full_audit_fchmod_acl), SMB_VFS_OP_FCHMOD_ACL,
415 SMB_VFS_LAYER_LOGGER},
416 {SMB_VFS_OP(smb_full_audit_sys_acl_get_entry), SMB_VFS_OP_SYS_ACL_GET_ENTRY,
417 SMB_VFS_LAYER_LOGGER},
418 {SMB_VFS_OP(smb_full_audit_sys_acl_get_tag_type), SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,
419 SMB_VFS_LAYER_LOGGER},
420 {SMB_VFS_OP(smb_full_audit_sys_acl_get_permset), SMB_VFS_OP_SYS_ACL_GET_PERMSET,
421 SMB_VFS_LAYER_LOGGER},
422 {SMB_VFS_OP(smb_full_audit_sys_acl_get_qualifier), SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,
423 SMB_VFS_LAYER_LOGGER},
424 {SMB_VFS_OP(smb_full_audit_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
425 SMB_VFS_LAYER_LOGGER},
426 {SMB_VFS_OP(smb_full_audit_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
427 SMB_VFS_LAYER_LOGGER},
428 {SMB_VFS_OP(smb_full_audit_sys_acl_clear_perms), SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,
429 SMB_VFS_LAYER_LOGGER},
430 {SMB_VFS_OP(smb_full_audit_sys_acl_add_perm), SMB_VFS_OP_SYS_ACL_ADD_PERM,
431 SMB_VFS_LAYER_LOGGER},
432 {SMB_VFS_OP(smb_full_audit_sys_acl_to_text), SMB_VFS_OP_SYS_ACL_TO_TEXT,
433 SMB_VFS_LAYER_LOGGER},
434 {SMB_VFS_OP(smb_full_audit_sys_acl_init), SMB_VFS_OP_SYS_ACL_INIT,
435 SMB_VFS_LAYER_LOGGER},
436 {SMB_VFS_OP(smb_full_audit_sys_acl_create_entry), SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,
437 SMB_VFS_LAYER_LOGGER},
438 {SMB_VFS_OP(smb_full_audit_sys_acl_set_tag_type), SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,
439 SMB_VFS_LAYER_LOGGER},
440 {SMB_VFS_OP(smb_full_audit_sys_acl_set_qualifier), SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,
441 SMB_VFS_LAYER_LOGGER},
442 {SMB_VFS_OP(smb_full_audit_sys_acl_set_permset), SMB_VFS_OP_SYS_ACL_SET_PERMSET,
443 SMB_VFS_LAYER_LOGGER},
444 {SMB_VFS_OP(smb_full_audit_sys_acl_valid), SMB_VFS_OP_SYS_ACL_VALID,
445 SMB_VFS_LAYER_LOGGER},
446 {SMB_VFS_OP(smb_full_audit_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
447 SMB_VFS_LAYER_LOGGER},
448 {SMB_VFS_OP(smb_full_audit_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
449 SMB_VFS_LAYER_LOGGER},
450 {SMB_VFS_OP(smb_full_audit_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
451 SMB_VFS_LAYER_LOGGER},
452 {SMB_VFS_OP(smb_full_audit_sys_acl_get_perm), SMB_VFS_OP_SYS_ACL_GET_PERM,
453 SMB_VFS_LAYER_LOGGER},
454 {SMB_VFS_OP(smb_full_audit_sys_acl_free_text), SMB_VFS_OP_SYS_ACL_FREE_TEXT,
455 SMB_VFS_LAYER_LOGGER},
456 {SMB_VFS_OP(smb_full_audit_sys_acl_free_acl), SMB_VFS_OP_SYS_ACL_FREE_ACL,
457 SMB_VFS_LAYER_LOGGER},
458 {SMB_VFS_OP(smb_full_audit_sys_acl_free_qualifier), SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,
459 SMB_VFS_LAYER_LOGGER},
460
461 /* EA operations. */
462
463 {SMB_VFS_OP(smb_full_audit_getxattr), SMB_VFS_OP_GETXATTR,
464 SMB_VFS_LAYER_LOGGER},
465 {SMB_VFS_OP(smb_full_audit_lgetxattr), SMB_VFS_OP_LGETXATTR,
466 SMB_VFS_LAYER_LOGGER},
467 {SMB_VFS_OP(smb_full_audit_fgetxattr), SMB_VFS_OP_FGETXATTR,
468 SMB_VFS_LAYER_LOGGER},
469 {SMB_VFS_OP(smb_full_audit_listxattr), SMB_VFS_OP_LISTXATTR,
470 SMB_VFS_LAYER_LOGGER},
471 {SMB_VFS_OP(smb_full_audit_llistxattr), SMB_VFS_OP_LLISTXATTR,
472 SMB_VFS_LAYER_LOGGER},
473 {SMB_VFS_OP(smb_full_audit_flistxattr), SMB_VFS_OP_FLISTXATTR,
474 SMB_VFS_LAYER_LOGGER},
475 {SMB_VFS_OP(smb_full_audit_removexattr), SMB_VFS_OP_REMOVEXATTR,
476 SMB_VFS_LAYER_LOGGER},
477 {SMB_VFS_OP(smb_full_audit_lremovexattr), SMB_VFS_OP_LREMOVEXATTR,
478 SMB_VFS_LAYER_LOGGER},
479 {SMB_VFS_OP(smb_full_audit_fremovexattr), SMB_VFS_OP_FREMOVEXATTR,
480 SMB_VFS_LAYER_LOGGER},
481 {SMB_VFS_OP(smb_full_audit_setxattr), SMB_VFS_OP_SETXATTR,
482 SMB_VFS_LAYER_LOGGER},
483 {SMB_VFS_OP(smb_full_audit_lsetxattr), SMB_VFS_OP_LSETXATTR,
484 SMB_VFS_LAYER_LOGGER},
485 {SMB_VFS_OP(smb_full_audit_fsetxattr), SMB_VFS_OP_FSETXATTR,
486 SMB_VFS_LAYER_LOGGER},
487
488 {SMB_VFS_OP(smb_full_audit_aio_read), SMB_VFS_OP_AIO_READ,
489 SMB_VFS_LAYER_LOGGER},
490 {SMB_VFS_OP(smb_full_audit_aio_write), SMB_VFS_OP_AIO_WRITE,
491 SMB_VFS_LAYER_LOGGER},
492 {SMB_VFS_OP(smb_full_audit_aio_return), SMB_VFS_OP_AIO_RETURN,
493 SMB_VFS_LAYER_LOGGER},
494 {SMB_VFS_OP(smb_full_audit_aio_cancel), SMB_VFS_OP_AIO_CANCEL,
495 SMB_VFS_LAYER_LOGGER},
496 {SMB_VFS_OP(smb_full_audit_aio_error), SMB_VFS_OP_AIO_ERROR,
497 SMB_VFS_LAYER_LOGGER},
498 {SMB_VFS_OP(smb_full_audit_aio_fsync), SMB_VFS_OP_AIO_FSYNC,
499 SMB_VFS_LAYER_LOGGER},
500 {SMB_VFS_OP(smb_full_audit_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
501 SMB_VFS_LAYER_LOGGER},
502
503 /* Finish VFS operations definition */
504
505 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP,
506 SMB_VFS_LAYER_NOOP}
507 };
508
509 /* The following array *must* be in the same order as defined in vfs.h */
510
511 static struct {
512 vfs_op_type type;
513 const char *name;
514 } vfs_op_names[] = {
515 { SMB_VFS_OP_CONNECT, "connect" },
516 { SMB_VFS_OP_DISCONNECT, "disconnect" },
517 { SMB_VFS_OP_DISK_FREE, "disk_free" },
518 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
519 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
520 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
521 { SMB_VFS_OP_OPENDIR, "opendir" },
522 { SMB_VFS_OP_READDIR, "readdir" },
523 { SMB_VFS_OP_SEEKDIR, "seekdir" },
524 { SMB_VFS_OP_TELLDIR, "telldir" },
525 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
526 { SMB_VFS_OP_MKDIR, "mkdir" },
527 { SMB_VFS_OP_RMDIR, "rmdir" },
528 { SMB_VFS_OP_CLOSEDIR, "closedir" },
529 { SMB_VFS_OP_OPEN, "open" },
530 { SMB_VFS_OP_CLOSE, "close" },
531 { SMB_VFS_OP_READ, "read" },
532 { SMB_VFS_OP_PREAD, "pread" },
533 { SMB_VFS_OP_WRITE, "write" },
534 { SMB_VFS_OP_PWRITE, "pwrite" },
535 { SMB_VFS_OP_LSEEK, "lseek" },
536 { SMB_VFS_OP_SENDFILE, "sendfile" },
537 { SMB_VFS_OP_RENAME, "rename" },
538 { SMB_VFS_OP_FSYNC, "fsync" },
539 { SMB_VFS_OP_STAT, "stat" },
540 { SMB_VFS_OP_FSTAT, "fstat" },
541 { SMB_VFS_OP_LSTAT, "lstat" },
542 { SMB_VFS_OP_UNLINK, "unlink" },
543 { SMB_VFS_OP_CHMOD, "chmod" },
544 { SMB_VFS_OP_FCHMOD, "fchmod" },
545 { SMB_VFS_OP_CHOWN, "chown" },
546 { SMB_VFS_OP_FCHOWN, "fchown" },
547 { SMB_VFS_OP_CHDIR, "chdir" },
548 { SMB_VFS_OP_GETWD, "getwd" },
549 { SMB_VFS_OP_UTIME, "utime" },
550 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
551 { SMB_VFS_OP_LOCK, "lock" },
552 { SMB_VFS_OP_SYMLINK, "symlink" },
553 { SMB_VFS_OP_READLINK, "readlink" },
554 { SMB_VFS_OP_LINK, "link" },
555 { SMB_VFS_OP_MKNOD, "mknod" },
556 { SMB_VFS_OP_REALPATH, "realpath" },
557 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
558 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
559 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
560 { SMB_VFS_OP_SET_NT_ACL, "set_nt_acl" },
561 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
562 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
563 { SMB_VFS_OP_SYS_ACL_GET_ENTRY, "sys_acl_get_entry" },
564 { SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, "sys_acl_get_tag_type" },
565 { SMB_VFS_OP_SYS_ACL_GET_PERMSET, "sys_acl_get_permset" },
566 { SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, "sys_acl_get_qualifier" },
567 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
568 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
569 { SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, "sys_acl_clear_perms" },
570 { SMB_VFS_OP_SYS_ACL_ADD_PERM, "sys_acl_add_perm" },
571 { SMB_VFS_OP_SYS_ACL_TO_TEXT, "sys_acl_to_text" },
572 { SMB_VFS_OP_SYS_ACL_INIT, "sys_acl_init" },
573 { SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, "sys_acl_create_entry" },
574 { SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, "sys_acl_set_tag_type" },
575 { SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, "sys_acl_set_qualifier" },
576 { SMB_VFS_OP_SYS_ACL_SET_PERMSET, "sys_acl_set_permset" },
577 { SMB_VFS_OP_SYS_ACL_VALID, "sys_acl_valid" },
578 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
579 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
580 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
581 { SMB_VFS_OP_SYS_ACL_GET_PERM, "sys_acl_get_perm" },
582 { SMB_VFS_OP_SYS_ACL_FREE_TEXT, "sys_acl_free_text" },
583 { SMB_VFS_OP_SYS_ACL_FREE_ACL, "sys_acl_free_acl" },
584 { SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, "sys_acl_free_qualifier" },
585 { SMB_VFS_OP_GETXATTR, "getxattr" },
586 { SMB_VFS_OP_LGETXATTR, "lgetxattr" },
587 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
588 { SMB_VFS_OP_LISTXATTR, "listxattr" },
589 { SMB_VFS_OP_LLISTXATTR, "llistxattr" },
590 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
591 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
592 { SMB_VFS_OP_LREMOVEXATTR, "lremovexattr" },
593 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
594 { SMB_VFS_OP_SETXATTR, "setxattr" },
595 { SMB_VFS_OP_LSETXATTR, "lsetxattr" },
596 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
597 { SMB_VFS_OP_AIO_READ, "aio_read" },
598 { SMB_VFS_OP_AIO_WRITE, "aio_write" },
599 { SMB_VFS_OP_AIO_RETURN,"aio_return" },
600 { SMB_VFS_OP_AIO_CANCEL,"aio_cancel" },
601 { SMB_VFS_OP_AIO_ERROR, "aio_error" },
602 { SMB_VFS_OP_AIO_FSYNC, "aio_fsync" },
603 { SMB_VFS_OP_AIO_SUSPEND,"aio_suspend" },
604 { SMB_VFS_OP_LAST, NULL }
605 };
606
607 static int audit_syslog_facility(vfs_handle_struct *handle)
608 {
609 /* fix me: let this be configurable by:
610 * lp_param_enum(SNUM(handle->conn),
611 * (handle->param?handle->param:"full_audit"),
612 * "syslog facility",
613 * audit_enum_facility,LOG_USER);
614 */
615 return LOG_USER;
616 }
617
618 static int audit_syslog_priority(vfs_handle_struct *handle)
619 {
620 /* fix me: let this be configurable by:
621 * lp_param_enum(SNUM(handle->conn),
622 * (handle->param?handle->param:"full_audit"),
623 * "syslog priority",
624 * audit_enum_priority,LOG_NOTICE);
625 */
626 return LOG_NOTICE;
627 }
628
629 static char *audit_prefix(connection_struct *conn)
630 {
631 static pstring prefix;
632
633 pstrcpy(prefix, lp_parm_const_string(SNUM(conn), "full_audit",
634 "prefix", "%u|%I"));
635 standard_sub_snum(SNUM(conn), prefix, sizeof(prefix)-1);
636 return prefix;
637 }
638
639 static struct bitmap *success_ops = NULL;
640
641 static BOOL log_success(vfs_op_type op)
642 {
643 if (success_ops == NULL)
644 return True;
645
646 return bitmap_query(success_ops, op);
647 }
648
649 static struct bitmap *failure_ops = NULL;
650
651 static BOOL log_failure(vfs_op_type op)
652 {
653 if (failure_ops == NULL)
654 return True;
655
656 return bitmap_query(failure_ops, op);
657 }
658
659 static void init_bitmap(struct bitmap **bm, const char **ops)
660 {
661 BOOL log_all = False;
662
663 if (*bm != NULL)
664 return;
665
666 *bm = bitmap_allocate(SMB_VFS_OP_LAST);
667
668 if (*bm == NULL) {
669 DEBUG(0, ("Could not alloc bitmap -- "
670 "defaulting to logging everything\n"));
671 return;
672 }
673
674 while (*ops != NULL) {
675 int i;
676 BOOL found = False;
677
678 if (strequal(*ops, "all")) {
679 log_all = True;
680 break;
681 }
682
683 for (i=0; i<SMB_VFS_OP_LAST; i++) {
684 if (vfs_op_names[i].name == NULL) {
685 smb_panic("vfs_full_audit.c: name table not "
686 "in sync with vfs.h\n");
687 }
688
689 if (strequal(*ops, vfs_op_names[i].name)) {
690 bitmap_set(*bm, i);
691 found = True;
692 }
693 }
694 if (!found) {
695 DEBUG(0, ("Could not find opname %s, logging all\n",
696 *ops));
697 log_all = True;
698 break;
699 }
700 ops += 1;
701 }
702
703 if (log_all) {
704 /* The query functions default to True */
705 bitmap_free(*bm);
706 *bm = NULL;
707 }
708 }
709
710 static const char *audit_opname(vfs_op_type op)
711 {
712 if (op >= SMB_VFS_OP_LAST)
713 return "INVALID VFS OP";
714 return vfs_op_names[op].name;
715 }
716
717 static void do_log(vfs_op_type op, BOOL success, vfs_handle_struct *handle,
718 const char *format, ...)
719 {
720 fstring err_msg;
721 pstring op_msg;
722 va_list ap;
723
724 if (success && (!log_success(op)))
725 return;
726
727 if (!success && (!log_failure(op)))
728 return;
729
730 if (success)
731 fstrcpy(err_msg, "ok");
732 else
733 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
734
735 va_start(ap, format);
736 vsnprintf(op_msg, sizeof(op_msg), format, ap);
737 va_end(ap);
738
739 syslog(audit_syslog_priority(handle), "%s|%s|%s|%s\n",
740 audit_prefix(handle->conn), audit_opname(op), err_msg, op_msg);
741
742 return;
743 }
744
745 /* Implementation of vfs_ops. Pass everything on to the default
746 operation but log event first. */
747
748 static int smb_full_audit_connect(vfs_handle_struct *handle, connection_struct *conn,
749 const char *svc, const char *user)
750 {
751 int result;
752 const char *none[] = { NULL };
753 const char *all [] = { "all" };
754
755 openlog("smbd_audit", 0, audit_syslog_facility(handle));
756
757 init_bitmap(&success_ops,
758 lp_parm_string_list(SNUM(conn), "full_audit", "success",
759 none));
760 init_bitmap(&failure_ops,
761 lp_parm_string_list(SNUM(conn), "full_audit", "failure",
762 all));
763
764 result = SMB_VFS_NEXT_CONNECT(handle, conn, svc, user);
765
766 do_log(SMB_VFS_OP_CONNECT, True, handle,
767 "%s", svc);
768
769 return result;
770 }
771
772 static void smb_full_audit_disconnect(vfs_handle_struct *handle,
773 connection_struct *conn)
774 {
775 SMB_VFS_NEXT_DISCONNECT(handle, conn);
776
777 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
778 "%s", lp_servicename(SNUM(conn)));
779
780 bitmap_free(success_ops);
781 success_ops = NULL;
782
783 bitmap_free(failure_ops);
784 failure_ops = NULL;
785
786 return;
787 }
788
789 static SMB_BIG_UINT smb_full_audit_disk_free(vfs_handle_struct *handle,
790 connection_struct *conn, const char *path,
791 BOOL small_query, SMB_BIG_UINT *bsize,
792 SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize)
793 {
794 SMB_BIG_UINT result;
795
796 result = SMB_VFS_NEXT_DISK_FREE(handle, conn, path, small_query, bsize,
797 dfree, dsize);
798
799 /* Don't have a reasonable notion of failure here */
800
801 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", path);
802
803 return result;
804 }
805
806 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
807 struct connection_struct *conn,
808 enum SMB_QUOTA_TYPE qtype, unid_t id,
809 SMB_DISK_QUOTA *qt)
810 {
811 int result;
812
813 result = SMB_VFS_NEXT_GET_QUOTA(handle, conn, qtype, id, qt);
814
815 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "");
816
817 return result;
818 }
819
820
821 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
822 struct connection_struct *conn,
823 enum SMB_QUOTA_TYPE qtype, unid_t id,
824 SMB_DISK_QUOTA *qt)
825 {
826 int result;
827
828 result = SMB_VFS_NEXT_SET_QUOTA(handle, conn, qtype, id, qt);
829
830 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
831
832 return result;
833 }
834
835 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
836 struct files_struct *fsp,
837 SHADOW_COPY_DATA *shadow_copy_data, BOOL labels)
838 {
839 int result;
840
841 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
842
843 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
844
845 return result;
846 }
847
848 static SMB_STRUCT_DIR *smb_full_audit_opendir(vfs_handle_struct *handle, connection_struct *conn,
849 const char *fname, const char *mask, uint32 attr)
850 {
851 SMB_STRUCT_DIR *result;
852
853 result = SMB_VFS_NEXT_OPENDIR(handle, conn, fname, mask, attr);
854
855 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s", fname);
856
857 return result;
858 }
859
860 static SMB_STRUCT_DIRENT *smb_full_audit_readdir(vfs_handle_struct *handle,
861 connection_struct *conn, SMB_STRUCT_DIR *dirp)
862 {
863 SMB_STRUCT_DIRENT *result;
864
865 result = SMB_VFS_NEXT_READDIR(handle, conn, dirp);
866
867 /* This operation has no reasonable error condition
868 * (End of dir is also failure), so always succeed.
869 */
870 do_log(SMB_VFS_OP_READDIR, True, handle, "");
871
872 return result;
873 }
874
875 static void smb_full_audit_seekdir(vfs_handle_struct *handle, connection_struct *conn,
876 SMB_STRUCT_DIR *dirp, long offset)
877 {
878 SMB_VFS_NEXT_SEEKDIR(handle, conn, dirp, offset);
879
880 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
881 return;
882 }
883
884 static long smb_full_audit_telldir(vfs_handle_struct *handle, connection_struct *conn,
885 SMB_STRUCT_DIR *dirp)
886 {
887 long result;
888
889 result = SMB_VFS_NEXT_TELLDIR(handle, conn, dirp);
890
891 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
892
893 return result;
894 }
895
896 static void smb_full_audit_rewinddir(vfs_handle_struct *handle, connection_struct *conn,
897 SMB_STRUCT_DIR *dirp)
898 {
899 SMB_VFS_NEXT_REWINDDIR(handle, conn, dirp);
900
901 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
902 return;
903 }
904
905 static int smb_full_audit_mkdir(vfs_handle_struct *handle, connection_struct *conn,
906 const char *path, mode_t mode)
907 {
908 int result;
909
910 result = SMB_VFS_NEXT_MKDIR(handle, conn, path, mode);
911
912 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s", path);
913
914 return result;
915 }
916
917 static int smb_full_audit_rmdir(vfs_handle_struct *handle, connection_struct *conn,
918 const char *path)
919 {
920 int result;
921
922 result = SMB_VFS_NEXT_RMDIR(handle, conn, path);
923
924 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s", path);
925
926 return result;
927 }
928
929 static int smb_full_audit_closedir(vfs_handle_struct *handle, connection_struct *conn,
930 SMB_STRUCT_DIR *dirp)
931 {
932 int result;
933
934 result = SMB_VFS_NEXT_CLOSEDIR(handle, conn, dirp);
935
936 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
937
938 return result;
939 }
940
941 static int smb_full_audit_open(vfs_handle_struct *handle, connection_struct *conn,
942 const char *fname, int flags, mode_t mode)
943 {
944 int result;
945
946 result = SMB_VFS_NEXT_OPEN(handle, conn, fname, flags, mode);
947
948 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
949 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
950 fname);
951
952 return result;
953 }
954
955 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp, int fd)
956 {
957 int result;
958
959 result = SMB_VFS_NEXT_CLOSE(handle, fsp, fd);
960
961 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s", fsp->fsp_name);
962
963 return result;
964 }
965
966 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
967 int fd, void *data, size_t n)
968 {
969 ssize_t result;
970
971 result = SMB_VFS_NEXT_READ(handle, fsp, fd, data, n);
972
973 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s", fsp->fsp_name);
974
975 return result;
976 }
977
978 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
979 int fd, void *data, size_t n, SMB_OFF_T offset)
980 {
981 ssize_t result;
982
983 result = SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, offset);
984
985 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s", fsp->fsp_name);
986
987 return result;
988 }
989
990 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
991 int fd, const void *data, size_t n)
992 {
993 ssize_t result;
994
995 result = SMB_VFS_NEXT_WRITE(handle, fsp, fd, data, n);
996
997 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s", fsp->fsp_name);
998
999 return result;
1000 }
1001
1002 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1003 int fd, const void *data, size_t n,
1004 SMB_OFF_T offset)
1005 {
1006 ssize_t result;
1007
1008 result = SMB_VFS_NEXT_PWRITE(handle, fsp, fd, data, n, offset);
1009
1010 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s", fsp->fsp_name);
1011
1012 return result;
1013 }
1014
1015 static SMB_OFF_T smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1016 int filedes, SMB_OFF_T offset, int whence)
1017 {
1018 ssize_t result;
1019
1020 result = SMB_VFS_NEXT_LSEEK(handle, fsp, filedes, offset, whence);
1021
1022 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1023 "%s", fsp->fsp_name);
1024
1025 return result;
1026 }
1027
1028 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1029 files_struct *fsp, int fromfd,
1030 const DATA_BLOB *hdr, SMB_OFF_T offset,
1031 size_t n)
1032 {
1033 ssize_t result;
1034
1035 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, fromfd, hdr,
1036 offset, n);
1037
1038 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1039 "%s", fsp->fsp_name);
1040
1041 return result;
1042 }
1043
1044 static int smb_full_audit_rename(vfs_handle_struct *handle, connection_struct *conn,
1045 const char *oldname, const char *newname)
1046 {
1047 int result;
1048
1049 result = SMB_VFS_NEXT_RENAME(handle, conn, oldname, newname);
1050
1051 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s", oldname, newname);
1052
1053 return result;
1054 }
1055
1056 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp, int fd)
1057 {
1058 int result;
1059
1060 result = SMB_VFS_NEXT_FSYNC(handle, fsp, fd);
1061
1062 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s", fsp->fsp_name);
1063
1064 return result;
1065 }
1066
1067 static int smb_full_audit_stat(vfs_handle_struct *handle, connection_struct *conn,
1068 const char *fname, SMB_STRUCT_STAT *sbuf)
1069 {
1070 int result;
1071
1072 result = SMB_VFS_NEXT_STAT(handle, conn, fname, sbuf);
1073
1074 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s", fname);
1075
1076 return result;
1077 }
1078
1079 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp, int fd,
1080 SMB_STRUCT_STAT *sbuf)
1081 {
1082 int result;
1083
1084 result = SMB_VFS_NEXT_FSTAT(handle, fsp, fd, sbuf);
1085
1086 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s", fsp->fsp_name);
1087
1088 return result;
1089 }
1090
1091 static int smb_full_audit_lstat(vfs_handle_struct *handle, connection_struct *conn,
1092 const char *path, SMB_STRUCT_STAT *sbuf)
1093 {
1094 int result;
1095
1096 result = SMB_VFS_NEXT_LSTAT(handle, conn, path, sbuf);
1097
1098 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s", path);
1099
1100 return result;
1101 }
1102
1103 static int smb_full_audit_unlink(vfs_handle_struct *handle, connection_struct *conn,
1104 const char *path)
1105 {
1106 int result;
1107
1108 result = SMB_VFS_NEXT_UNLINK(handle, conn, path);
1109
1110 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s", path);
1111
1112 return result;
1113 }
1114
1115 static int smb_full_audit_chmod(vfs_handle_struct *handle, connection_struct *conn,
1116 const char *path, mode_t mode)
1117 {
1118 int result;
1119
1120 result = SMB_VFS_NEXT_CHMOD(handle, conn, path, mode);
1121
1122 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o", path, mode);
1123
1124 return result;
1125 }
1126
1127 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd,
1128 mode_t mode)
1129 {
1130 int result;
1131
1132 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
1133
1134 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1135 "%s|%o", fsp->fsp_name, mode);
1136
1137 return result;
1138 }
1139
1140 static int smb_full_audit_chown(vfs_handle_struct *handle, connection_struct *conn,
1141 const char *path, uid_t uid, gid_t gid)
1142 {
1143 int result;
1144
1145 result = SMB_VFS_NEXT_CHOWN(handle, conn, path, uid, gid);
1146
1147 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1148 path, (long int)uid, (long int)gid);
1149
1150 return result;
1151 }
1152
1153 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp, int fd,
1154 uid_t uid, gid_t gid)
1155 {
1156 int result;
1157
1158 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, fd, uid, gid);
1159
1160 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1161 fsp->fsp_name, (long int)uid, (long int)gid);
1162
1163 return result;
1164 }
1165
1166 static int smb_full_audit_chdir(vfs_handle_struct *handle, connection_struct *conn,
1167 const char *path)
1168 {
1169 int result;
1170
1171 result = SMB_VFS_NEXT_CHDIR(handle, conn, path);
1172
1173 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s", path);
1174
1175 return result;
1176 }
1177
1178 static char *smb_full_audit_getwd(vfs_handle_struct *handle, connection_struct *conn,
1179 char *path)
1180 {
1181 char *result;
1182
1183 result = SMB_VFS_NEXT_GETWD(handle, conn, path);
1184
1185 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s", path);
1186
1187 return result;
1188 }
1189
1190 static int smb_full_audit_utime(vfs_handle_struct *handle, connection_struct *conn,
1191 const char *path, struct utimbuf *times)
1192 {
1193 int result;
1194
1195 result = SMB_VFS_NEXT_UTIME(handle, conn, path, times);
1196
1197 do_log(SMB_VFS_OP_UTIME, (result >= 0), handle, "%s", path);
1198
1199 return result;
1200 }
1201
1202 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1203 int fd, SMB_OFF_T len)
1204 {
1205 int result;
1206
1207 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, fd, len);
1208
1209 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1210 "%s", fsp->fsp_name);
1211
1212 return result;
1213 }
1214
1215 static BOOL smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp, int fd,
1216 int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
1217 {
1218 BOOL result;
1219
1220 result = SMB_VFS_NEXT_LOCK(handle, fsp, fd, op, offset, count, type);
1221
1222 do_log(SMB_VFS_OP_LOCK, (result >= 0), handle, "%s", fsp->fsp_name);
1223
1224 return result;
1225 }
1226
1227 static int smb_full_audit_symlink(vfs_handle_struct *handle, connection_struct *conn,
1228 const char *oldpath, const char *newpath)
1229 {
1230 int result;
1231
1232 result = SMB_VFS_NEXT_SYMLINK(handle, conn, oldpath, newpath);
1233
1234 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1235 "%s|%s", oldpath, newpath);
1236
1237 return result;
1238 }
1239
1240 static int smb_full_audit_readlink(vfs_handle_struct *handle, connection_struct *conn,
1241 const char *path, char *buf, size_t bufsiz)
1242 {
1243 int result;
1244
1245 result = SMB_VFS_NEXT_READLINK(handle, conn, path, buf, bufsiz);
1246
1247 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s", path);
1248
1249 return result;
1250 }
1251
1252 static int smb_full_audit_link(vfs_handle_struct *handle, connection_struct *conn,
1253 const char *oldpath, const char *newpath)
1254 {
1255 int result;
1256
1257 result = SMB_VFS_NEXT_LINK(handle, conn, oldpath, newpath);
1258
1259 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1260 "%s|%s", oldpath, newpath);
1261
1262 return result;
1263 }
1264
1265 static int smb_full_audit_mknod(vfs_handle_struct *handle, connection_struct *conn,
1266 const char *pathname, mode_t mode, SMB_DEV_T dev)
1267 {
1268 int result;
1269
1270 result = SMB_VFS_NEXT_MKNOD(handle, conn, pathname, mode, dev);
1271
1272 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s", pathname);
1273
1274 return result;
1275 }
1276
1277 static char *smb_full_audit_realpath(vfs_handle_struct *handle, connection_struct *conn,
1278 const char *path, char *resolved_path)
1279 {
1280 char *result;
1281
1282 result = SMB_VFS_NEXT_REALPATH(handle, conn, path, resolved_path);
1283
1284 do_log(SMB_VFS_OP_REALPATH, (result != NULL), handle, "%s", path);
1285
1286 return result;
1287 }
1288
1289 static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1290 int fd, uint32 security_info,
1291 SEC_DESC **ppdesc)
1292 {
1293 size_t result;
1294
1295 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
1296 ppdesc);
1297
1298 do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
1299 "%s", fsp->fsp_name);
1300
1301 return result;
1302 }
1303
1304 static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1305 const char *name, uint32 security_info,
1306 SEC_DESC **ppdesc)
1307 {
1308 size_t result;
1309
1310 result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
1311 ppdesc);
1312
1313 do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
1314 "%s", fsp->fsp_name);
1315
1316 return result;
1317 }
1318
1319 static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1320 int fd, uint32 security_info_sent,
1321 SEC_DESC *psd)
1322 {
1323 BOOL result;
1324
1325 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
1326 psd);
1327
1328 do_log(SMB_VFS_OP_FSET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1329
1330 return result;
1331 }
1332
1333 static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
1334 const char *name, uint32 security_info_sent,
1335 SEC_DESC *psd)
1336 {
1337 BOOL result;
1338
1339 result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
1340 psd);
1341
1342 do_log(SMB_VFS_OP_SET_NT_ACL, result, handle, "%s", fsp->fsp_name);
1343
1344 return result;
1345 }
1346
1347 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, connection_struct *conn,
1348 const char *path, mode_t mode)
1349 {
1350 int result;
1351
1352 result = SMB_VFS_NEXT_CHMOD_ACL(handle, conn, path, mode);
1353
1354 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
1355 "%s|%o", path, mode);
1356
1357 return result;
1358 }
1359
1360 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
1361 int fd, mode_t mode)
1362 {
1363 int result;
1364
1365 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, fd, mode);
1366
1367 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
1368 "%s|%o", fsp->fsp_name, mode);
1369
1370 return result;
1371 }
1372
1373 static int smb_full_audit_sys_acl_get_entry(vfs_handle_struct *handle,
1374 connection_struct *conn,
1375 SMB_ACL_T theacl, int entry_id,
1376 SMB_ACL_ENTRY_T *entry_p)
1377 {
1378 int result;
1379
1380 result = SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, conn, theacl, entry_id,
1381 entry_p);
1382
1383 do_log(SMB_VFS_OP_SYS_ACL_GET_ENTRY, (result >= 0), handle,
1384 "");
1385
1386 return result;
1387 }
1388
1389 static int smb_full_audit_sys_acl_get_tag_type(vfs_handle_struct *handle,
1390 connection_struct *conn,
1391 SMB_ACL_ENTRY_T entry_d,
1392 SMB_ACL_TAG_T *tag_type_p)
1393 {
1394 int result;
1395
1396 result = SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, conn, entry_d,
1397 tag_type_p);
1398
1399 do_log(SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE, (result >= 0), handle,
1400 "");
1401
1402 return result;
1403 }
1404
1405 static int smb_full_audit_sys_acl_get_permset(vfs_handle_struct *handle,
1406 connection_struct *conn,
1407 SMB_ACL_ENTRY_T entry_d,
1408 SMB_ACL_PERMSET_T *permset_p)
1409 {
1410 int result;
1411
1412 result = SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, conn, entry_d,
1413 permset_p);
1414
1415 do_log(SMB_VFS_OP_SYS_ACL_GET_PERMSET, (result >= 0), handle,
1416 "");
1417
1418 return result;
1419 }
1420
1421 static void * smb_full_audit_sys_acl_get_qualifier(vfs_handle_struct *handle,
1422 connection_struct *conn,
1423 SMB_ACL_ENTRY_T entry_d)
1424 {
1425 void *result;
1426
1427 result = SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, conn, entry_d);
1428
1429 do_log(SMB_VFS_OP_SYS_ACL_GET_QUALIFIER, (result != NULL), handle,
1430 "");
1431
1432 return result;
1433 }
1434
1435 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
1436 connection_struct *conn,
1437 const char *path_p,
1438 SMB_ACL_TYPE_T type)
1439 {
1440 SMB_ACL_T result;
1441
1442 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, conn, path_p, type);
1443
1444 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
1445 "%s", path_p);
1446
1447 return result;
1448 }
1449
1450 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
1451 files_struct *fsp, int fd)
1452 {
1453 SMB_ACL_T result;
1454
1455 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, fd);
1456
1457 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
1458 "%s", fsp->fsp_name);
1459
1460 return result;
1461 }
1462
1463 static int smb_full_audit_sys_acl_clear_perms(vfs_handle_struct *handle,
1464 connection_struct *conn,
1465 SMB_ACL_PERMSET_T permset)
1466 {
1467 int result;
1468
1469 result = SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, conn, permset);
1470
1471 do_log(SMB_VFS_OP_SYS_ACL_CLEAR_PERMS, (result >= 0), handle,
1472 "");
1473
1474 return result;
1475 }
1476
1477 static int smb_full_audit_sys_acl_add_perm(vfs_handle_struct *handle,
1478 connection_struct *conn,
1479 SMB_ACL_PERMSET_T permset,
1480 SMB_ACL_PERM_T perm)
1481 {
1482 int result;
1483
1484 result = SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, conn, permset, perm);
1485
1486 do_log(SMB_VFS_OP_SYS_ACL_ADD_PERM, (result >= 0), handle,
1487 "");
1488
1489 return result;
1490 }
1491
1492 static char * smb_full_audit_sys_acl_to_text(vfs_handle_struct *handle,
1493 connection_struct *conn, SMB_ACL_T theacl,
1494 ssize_t *plen)
1495 {
1496 char * result;
1497
1498 result = SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, conn, theacl, plen);
1499
1500 do_log(SMB_VFS_OP_SYS_ACL_TO_TEXT, (result != NULL), handle,
1501 "");
1502
1503 return result;
1504 }
1505
1506 static SMB_ACL_T smb_full_audit_sys_acl_init(vfs_handle_struct *handle,
1507 connection_struct *conn,
1508 int count)
1509 {
1510 SMB_ACL_T result;
1511
1512 result = SMB_VFS_NEXT_SYS_ACL_INIT(handle, conn, count);
1513
1514 do_log(SMB_VFS_OP_SYS_ACL_INIT, (result != NULL), handle,
1515 "");
1516
1517 return result;
1518 }
1519
1520 static int smb_full_audit_sys_acl_create_entry(vfs_handle_struct *handle,
1521 connection_struct *conn, SMB_ACL_T *pacl,
1522 SMB_ACL_ENTRY_T *pentry)
1523 {
1524 int result;
1525
1526 result = SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, conn, pacl, pentry);
1527
1528 do_log(SMB_VFS_OP_SYS_ACL_CREATE_ENTRY, (result >= 0), handle,
1529 "");
1530
1531 return result;
1532 }
1533
1534 static int smb_full_audit_sys_acl_set_tag_type(vfs_handle_struct *handle,
1535 connection_struct *conn,
1536 SMB_ACL_ENTRY_T entry,
1537 SMB_ACL_TAG_T tagtype)
1538 {
1539 int result;
1540
1541 result = SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, conn, entry,
1542 tagtype);
1543
1544 do_log(SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE, (result >= 0), handle,
1545 "");
1546
1547 return result;
1548 }
1549
1550 static int smb_full_audit_sys_acl_set_qualifier(vfs_handle_struct *handle,
1551 connection_struct *conn,
1552 SMB_ACL_ENTRY_T entry,
1553 void *qual)
1554 {
1555 int result;
1556
1557 result = SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, conn, entry, qual);
1558
1559 do_log(SMB_VFS_OP_SYS_ACL_SET_QUALIFIER, (result >= 0), handle,
1560 "");
1561
1562 return result;
1563 }
1564
1565 static int smb_full_audit_sys_acl_set_permset(vfs_handle_struct *handle,
1566 connection_struct *conn,
1567 SMB_ACL_ENTRY_T entry,
1568 SMB_ACL_PERMSET_T permset)
1569 {
1570 int result;
1571
1572 result = SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, conn, entry, permset);
1573
1574 do_log(SMB_VFS_OP_SYS_ACL_SET_PERMSET, (result >= 0), handle,
1575 "");
1576
1577 return result;
1578 }
1579
1580 static int smb_full_audit_sys_acl_valid(vfs_handle_struct *handle,
1581 connection_struct *conn,
1582 SMB_ACL_T theacl )
1583 {
1584 int result;
1585
1586 result = SMB_VFS_NEXT_SYS_ACL_VALID(handle, conn, theacl);
1587
1588 do_log(SMB_VFS_OP_SYS_ACL_VALID, (result >= 0), handle,
1589 "");
1590
1591 return result;
1592 }
1593
1594 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
1595 connection_struct *conn,
1596 const char *name, SMB_ACL_TYPE_T acltype,
1597 SMB_ACL_T theacl)
1598 {
1599 int result;
1600
1601 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, conn, name, acltype,
1602 theacl);
1603
1604 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
1605 "%s", name);
1606
1607 return result;
1608 }
1609
1610 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
1611 int fd, SMB_ACL_T theacl)
1612 {
1613 int result;
1614
1615 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, fd, theacl);
1616
1617 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
1618 "%s", fsp->fsp_name);
1619
1620 return result;
1621 }
1622
1623 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
1624 connection_struct *conn,
1625 const char *path)
1626 {
1627 int result;
1628
1629 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, conn, path);
1630
1631 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
1632 "%s", path);
1633
1634 return result;
1635 }
1636
1637 static int smb_full_audit_sys_acl_get_perm(vfs_handle_struct *handle,
1638 connection_struct *conn,
1639 SMB_ACL_PERMSET_T permset,
1640 SMB_ACL_PERM_T perm)
1641 {
1642 int result;
1643
1644 result = SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, conn, permset, perm);
1645
1646 do_log(SMB_VFS_OP_SYS_ACL_GET_PERM, (result >= 0), handle,
1647 "");
1648
1649 return result;
1650 }
1651
1652 static int smb_full_audit_sys_acl_free_text(vfs_handle_struct *handle,
1653 connection_struct *conn,
1654 char *text)
1655 {
1656 int result;
1657
1658 result = SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, conn, text);
1659
1660 do_log(SMB_VFS_OP_SYS_ACL_FREE_TEXT, (result >= 0), handle,
1661 "");
1662
1663 return result;
1664 }
1665
1666 static int smb_full_audit_sys_acl_free_acl(vfs_handle_struct *handle,
1667 connection_struct *conn,
1668 SMB_ACL_T posix_acl)
1669 {
1670 int result;
1671
1672 result = SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, conn, posix_acl);
1673
1674 do_log(SMB_VFS_OP_SYS_ACL_FREE_ACL, (result >= 0), handle,
1675 "");
1676
1677 return result;
1678 }
1679
1680 static int smb_full_audit_sys_acl_free_qualifier(vfs_handle_struct *handle,
1681 connection_struct *conn,
1682 void *qualifier,
1683 SMB_ACL_TAG_T tagtype)
1684 {
1685 int result;
1686
1687 result = SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, conn, qualifier,
1688 tagtype);
1689
1690 do_log(SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER, (result >= 0), handle,
1691 "");
1692
1693 return result;
1694 }
1695
1696 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
1697 struct connection_struct *conn, const char *path,
1698 const char *name, void *value, size_t size)
1699 {
1700 ssize_t result;
1701
1702 result = SMB_VFS_NEXT_GETXATTR(handle, conn, path, name, value, size);
1703
1704 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
1705 "%s|%s", path, name);
1706
1707 return result;
1708 }
1709
1710 static ssize_t smb_full_audit_lgetxattr(struct vfs_handle_struct *handle,
1711 struct connection_struct *conn,
1712 const char *path, const char *name,
1713 void *value, size_t size)
1714 {
1715 ssize_t result;
1716
1717 result = SMB_VFS_NEXT_LGETXATTR(handle, conn, path, name, value, size);
1718
1719 do_log(SMB_VFS_OP_LGETXATTR, (result >= 0), handle,
1720 "%s|%s", path, name);
1721
1722 return result;
1723 }
1724
1725 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
1726 struct files_struct *fsp, int fd,
1727 const char *name, void *value, size_t size)
1728 {
1729 ssize_t result;
1730
1731 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, fd, name, value, size);
1732
1733 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
1734 "%s|%s", fsp->fsp_name, name);
1735
1736 return result;
1737 }
1738
1739 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
1740 struct connection_struct *conn,
1741 const char *path, char *list, size_t size)
1742 {
1743 ssize_t result;
1744
1745 result = SMB_VFS_NEXT_LISTXATTR(handle, conn, path, list, size);
1746
1747 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s", path);
1748
1749 return result;
1750 }
1751
1752 static ssize_t smb_full_audit_llistxattr(struct vfs_handle_struct *handle,
1753 struct connection_struct *conn,
1754 const char *path, char *list, size_t size)
1755 {
1756 ssize_t result;
1757
1758 result = SMB_VFS_NEXT_LLISTXATTR(handle, conn, path, list, size);
1759
1760 do_log(SMB_VFS_OP_LLISTXATTR, (result >= 0), handle, "%s", path);
1761
1762 return result;
1763 }
1764
1765 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
1766 struct files_struct *fsp, int fd, char *list,
1767 size_t size)
1768 {
1769 ssize_t result;
1770
1771 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, fd, list, size);
1772
1773 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
1774 "%s", fsp->fsp_name);
1775
1776 return result;
1777 }
1778
1779 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
1780 struct connection_struct *conn, const char *path,
1781 const char *name)
1782 {
1783 int result;
1784
1785 result = SMB_VFS_NEXT_REMOVEXATTR(handle, conn, path, name);
1786
1787 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
1788 "%s|%s", path, name);
1789
1790 return result;
1791 }
1792
1793 static int smb_full_audit_lremovexattr(struct vfs_handle_struct *handle,
1794 struct connection_struct *conn, const char *path,
1795 const char *name)
1796 {
1797 int result;
1798
1799 result = SMB_VFS_NEXT_LREMOVEXATTR(handle, conn, path, name);
1800
1801 do_log(SMB_VFS_OP_LREMOVEXATTR, (result >= 0), handle,
1802 "%s|%s", path, name);
1803
1804 return result;
1805 }
1806
1807 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
1808 struct files_struct *fsp, int fd,
1809 const char *name)
1810 {
1811 int result;
1812
1813 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, fd, name);
1814
1815 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
1816 "%s|%s", fsp->fsp_name, name);
1817
1818 return result;
1819 }
1820
1821 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
1822 struct connection_struct *conn, const char *path,
1823 const char *name, const void *value, size_t size,
1824 int flags)
1825 {
1826 int result;
1827
1828 result = SMB_VFS_NEXT_SETXATTR(handle, conn, path, name, value, size,
1829 flags);
1830
1831 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
1832 "%s|%s", path, name);
1833
1834 return result;
1835 }
1836
1837 static int smb_full_audit_lsetxattr(struct vfs_handle_struct *handle,
1838 struct connection_struct *conn, const char *path,
1839 const char *name, const void *value, size_t size,
1840 int flags)
1841 {
1842 int result;
1843
1844 result = SMB_VFS_NEXT_LSETXATTR(handle, conn, path, name, value, size,
1845 flags);
1846
1847 do_log(SMB_VFS_OP_LSETXATTR, (result >= 0), handle,
1848 "%s|%s", path, name);
1849
1850 return result;
1851 }
1852
1853 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
1854 struct files_struct *fsp, int fd, const char *name,
1855 const void *value, size_t size, int flags)
1856 {
1857 int result;
1858
1859 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, fd, name, value, size,
1860 flags);
1861
1862 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
1863 "%s|%s", fsp->fsp_name, name);
1864
1865 return result;
1866 }
1867
1868 static int smb_full_audit_aio_read(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
1869 {
1870 int result;
1871
1872 result = SMB_VFS_NEXT_AIO_READ(handle, fsp, aiocb);
1873 do_log(SMB_VFS_OP_AIO_READ, (result >= 0), handle,
1874 "%s", fsp->fsp_name);
1875
1876 return result;
1877 }
1878
1879 static int smb_full_audit_aio_write(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
1880 {
1881 int result;
1882
1883 result = SMB_VFS_NEXT_AIO_WRITE(handle, fsp, aiocb);
1884 do_log(SMB_VFS_OP_AIO_WRITE, (result >= 0), handle,
1885 "%s", fsp->fsp_name);
1886
1887 return result;
1888 }
1889
1890 static ssize_t smb_full_audit_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
1891 {
1892 int result;
1893
1894 result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
1895 do_log(SMB_VFS_OP_AIO_RETURN, (result >= 0), handle,
1896 "%s", fsp->fsp_name);
1897
1898 return result;
1899 }
1900
1901 static int smb_full_audit_aio_cancel(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, SMB_STRUCT_AIOCB *aiocb)
1902 {
1903 int result;
1904
1905 result = SMB_VFS_NEXT_AIO_CANCEL(handle, fsp, fd, aiocb);
1906 do_log(SMB_VFS_OP_AIO_CANCEL, (result >= 0), handle,
1907 "%s", fsp->fsp_name);
1908
1909 return result;
1910 }
1911
1912 static int smb_full_audit_aio_error(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
1913 {
1914 int result;
1915
1916 result = SMB_VFS_NEXT_AIO_ERROR(handle, fsp, aiocb);
1917 do_log(SMB_VFS_OP_AIO_ERROR, (result >= 0), handle,
1918 "%s", fsp->fsp_name);
1919
1920 return result;
1921 }
1922
1923 static int smb_full_audit_aio_fsync(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb)
1924 {
1925 int result;
1926
1927 result = SMB_VFS_NEXT_AIO_FSYNC(handle, fsp, op, aiocb);
1928 do_log(SMB_VFS_OP_AIO_FSYNC, (result >= 0), handle,
1929 "%s", fsp->fsp_name);
1930
1931 return result;
1932 }
1933
1934 static int smb_full_audit_aio_suspend(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *ts)
1935 {
1936 int result;
1937
1938 result = SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
1939 do_log(SMB_VFS_OP_AIO_SUSPEND, (result >= 0), handle,
1940 "%s", fsp->fsp_name);
1941
1942 return result;
1943 }
1944
1945
1946 NTSTATUS vfs_full_audit_init(void)
1947 {
1948 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
1949 "full_audit", audit_op_tuples);
1950
1951 if (!NT_STATUS_IS_OK(ret))
1952 return ret;
1953
1954 vfs_full_audit_debug_level = debug_add_class("full_audit");
1955 if (vfs_full_audit_debug_level == -1) {
1956 vfs_full_audit_debug_level = DBGC_VFS;
1957 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
1958 "class!\n"));
1959 } else {
1960 DEBUG(10, ("vfs_full_audit: Debug class number of "
1961 "'full_audit': %d\n", vfs_full_audit_debug_level));
1962 }
1963
1964 return ret;
1965 }
1966
Samba GIT mirror