search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
printing: Avoid an "extern current_user"
[Samba.git] / source3 / modules / vfs_full_audit.c
bloba205007f46f84a5028d6ae5ca7ba2ada55795bc2
1 /*
2 * Auditing VFS module for samba. Log selected file operations to syslog
3 * facility.
4 *
5 * Copyright (C) Tim Potter, 1999-2000
6 * Copyright (C) Alexander Bokovoy, 2002
7 * Copyright (C) John H Terpstra, 2003
8 * Copyright (C) Stefan (metze) Metzmacher, 2003
9 * Copyright (C) Volker Lendecke, 2004
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 3 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 */
24
25 /*
26 * This module implements parseable logging for all Samba VFS operations.
27 *
28 * You use it as follows:
29 *
30 * [tmp]
31 * path = /tmp
32 * vfs objects = full_audit
33 * full_audit:prefix = %u|%I
34 * full_audit:success = open opendir
35 * full_audit:failure = all
36 *
37 * vfs op can be "all" which means log all operations.
38 * vfs op can be "none" which means no logging.
39 *
40 * This leads to syslog entries of the form:
41 * smbd_audit: nobody|192.168.234.1|opendir|ok|.
42 * smbd_audit: nobody|192.168.234.1|open|fail (File not found)|r|x.txt
43 *
44 * where "nobody" is the connected username and "192.168.234.1" is the
45 * client's IP address.
46 *
47 * Options:
48 *
49 * prefix: A macro expansion template prepended to the syslog entry.
50 *
51 * success: A list of VFS operations for which a successful completion should
52 * be logged. Defaults to no logging at all. The special operation "all" logs
53 * - you guessed it - everything.
54 *
55 * failure: A list of VFS operations for which failure to complete should be
56 * logged. Defaults to logging everything.
57 */
58
59
60 #include "includes.h"
61 #include "system/filesys.h"
62 #include "system/syslog.h"
63 #include "smbd/smbd.h"
64 #include "../librpc/gen_ndr/ndr_netlogon.h"
65 #include "auth.h"
66 #include "ntioctl.h"
67 #include "lib/param/loadparm.h"
68 #include "lib/util/bitmap.h"
69 #include "lib/util/tevent_unix.h"
70 #include "libcli/security/sddl.h"
71 #include "passdb/machine_sid.h"
72
73 static int vfs_full_audit_debug_level = DBGC_VFS;
74
75 struct vfs_full_audit_private_data {
76 struct bitmap *success_ops;
77 struct bitmap *failure_ops;
78 int syslog_facility;
79 int syslog_priority;
80 bool log_secdesc;
81 bool do_syslog;
82 };
83
84 #undef DBGC_CLASS
85 #define DBGC_CLASS vfs_full_audit_debug_level
86
87 typedef enum _vfs_op_type {
88 SMB_VFS_OP_NOOP = -1,
89
90 /* Disk operations */
91
92 SMB_VFS_OP_CONNECT = 0,
93 SMB_VFS_OP_DISCONNECT,
94 SMB_VFS_OP_DISK_FREE,
95 SMB_VFS_OP_GET_QUOTA,
96 SMB_VFS_OP_SET_QUOTA,
97 SMB_VFS_OP_GET_SHADOW_COPY_DATA,
98 SMB_VFS_OP_STATVFS,
99 SMB_VFS_OP_FS_CAPABILITIES,
100 SMB_VFS_OP_GET_DFS_REFERRALS,
101
102 /* Directory operations */
103
104 SMB_VFS_OP_OPENDIR,
105 SMB_VFS_OP_FDOPENDIR,
106 SMB_VFS_OP_READDIR,
107 SMB_VFS_OP_SEEKDIR,
108 SMB_VFS_OP_TELLDIR,
109 SMB_VFS_OP_REWINDDIR,
110 SMB_VFS_OP_MKDIR,
111 SMB_VFS_OP_RMDIR,
112 SMB_VFS_OP_CLOSEDIR,
113 SMB_VFS_OP_INIT_SEARCH_OP,
114
115 /* File operations */
116
117 SMB_VFS_OP_OPEN,
118 SMB_VFS_OP_CREATE_FILE,
119 SMB_VFS_OP_CLOSE,
120 SMB_VFS_OP_READ,
121 SMB_VFS_OP_PREAD,
122 SMB_VFS_OP_PREAD_SEND,
123 SMB_VFS_OP_PREAD_RECV,
124 SMB_VFS_OP_WRITE,
125 SMB_VFS_OP_PWRITE,
126 SMB_VFS_OP_PWRITE_SEND,
127 SMB_VFS_OP_PWRITE_RECV,
128 SMB_VFS_OP_LSEEK,
129 SMB_VFS_OP_SENDFILE,
130 SMB_VFS_OP_RECVFILE,
131 SMB_VFS_OP_RENAME,
132 SMB_VFS_OP_FSYNC,
133 SMB_VFS_OP_FSYNC_SEND,
134 SMB_VFS_OP_FSYNC_RECV,
135 SMB_VFS_OP_STAT,
136 SMB_VFS_OP_FSTAT,
137 SMB_VFS_OP_LSTAT,
138 SMB_VFS_OP_GET_ALLOC_SIZE,
139 SMB_VFS_OP_UNLINK,
140 SMB_VFS_OP_CHMOD,
141 SMB_VFS_OP_FCHMOD,
142 SMB_VFS_OP_CHOWN,
143 SMB_VFS_OP_FCHOWN,
144 SMB_VFS_OP_LCHOWN,
145 SMB_VFS_OP_CHDIR,
146 SMB_VFS_OP_GETWD,
147 SMB_VFS_OP_NTIMES,
148 SMB_VFS_OP_FTRUNCATE,
149 SMB_VFS_OP_FALLOCATE,
150 SMB_VFS_OP_LOCK,
151 SMB_VFS_OP_KERNEL_FLOCK,
152 SMB_VFS_OP_LINUX_SETLEASE,
153 SMB_VFS_OP_GETLOCK,
154 SMB_VFS_OP_SYMLINK,
155 SMB_VFS_OP_READLINK,
156 SMB_VFS_OP_LINK,
157 SMB_VFS_OP_MKNOD,
158 SMB_VFS_OP_REALPATH,
159 SMB_VFS_OP_CHFLAGS,
160 SMB_VFS_OP_FILE_ID_CREATE,
161 SMB_VFS_OP_STREAMINFO,
162 SMB_VFS_OP_GET_REAL_FILENAME,
163 SMB_VFS_OP_CONNECTPATH,
164 SMB_VFS_OP_BRL_LOCK_WINDOWS,
165 SMB_VFS_OP_BRL_UNLOCK_WINDOWS,
166 SMB_VFS_OP_BRL_CANCEL_WINDOWS,
167 SMB_VFS_OP_STRICT_LOCK_CHECK,
168 SMB_VFS_OP_TRANSLATE_NAME,
169 SMB_VFS_OP_FSCTL,
170 SMB_VFS_OP_OFFLOAD_READ_SEND,
171 SMB_VFS_OP_OFFLOAD_READ_RECV,
172 SMB_VFS_OP_OFFLOAD_WRITE_SEND,
173 SMB_VFS_OP_OFFLOAD_WRITE_RECV,
174 SMB_VFS_OP_GET_COMPRESSION,
175 SMB_VFS_OP_SET_COMPRESSION,
176 SMB_VFS_OP_SNAP_CHECK_PATH,
177 SMB_VFS_OP_SNAP_CREATE,
178 SMB_VFS_OP_SNAP_DELETE,
179
180 /* DOS attribute operations. */
181 SMB_VFS_OP_GET_DOS_ATTRIBUTES,
182 SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
183 SMB_VFS_OP_SET_DOS_ATTRIBUTES,
184 SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
185
186 /* NT ACL operations. */
187
188 SMB_VFS_OP_FGET_NT_ACL,
189 SMB_VFS_OP_GET_NT_ACL,
190 SMB_VFS_OP_FSET_NT_ACL,
191 SMB_VFS_OP_AUDIT_FILE,
192
193 /* POSIX ACL operations. */
194
195 SMB_VFS_OP_CHMOD_ACL,
196 SMB_VFS_OP_FCHMOD_ACL,
197
198 SMB_VFS_OP_SYS_ACL_GET_FILE,
199 SMB_VFS_OP_SYS_ACL_GET_FD,
200 SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
201 SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
202 SMB_VFS_OP_SYS_ACL_SET_FILE,
203 SMB_VFS_OP_SYS_ACL_SET_FD,
204 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
205
206 /* EA operations. */
207 SMB_VFS_OP_GETXATTR,
208 SMB_VFS_OP_FGETXATTR,
209 SMB_VFS_OP_LISTXATTR,
210 SMB_VFS_OP_FLISTXATTR,
211 SMB_VFS_OP_REMOVEXATTR,
212 SMB_VFS_OP_FREMOVEXATTR,
213 SMB_VFS_OP_SETXATTR,
214 SMB_VFS_OP_FSETXATTR,
215
216 /* aio operations */
217 SMB_VFS_OP_AIO_FORCE,
218
219 /* offline operations */
220 SMB_VFS_OP_IS_OFFLINE,
221 SMB_VFS_OP_SET_OFFLINE,
222
223 /* Durable handle operations. */
224 SMB_VFS_OP_DURABLE_COOKIE,
225 SMB_VFS_OP_DURABLE_DISCONNECT,
226 SMB_VFS_OP_DURABLE_RECONNECT,
227
228 SMB_VFS_OP_READDIR_ATTR,
229
230 /* This should always be last enum value */
231
232 SMB_VFS_OP_LAST
233 } vfs_op_type;
234
235 /* The following array *must* be in the same order as defined in vfs_op_type */
236
237 static struct {
238 vfs_op_type type;
239 const char *name;
240 } vfs_op_names[] = {
241 { SMB_VFS_OP_CONNECT, "connect" },
242 { SMB_VFS_OP_DISCONNECT, "disconnect" },
243 { SMB_VFS_OP_DISK_FREE, "disk_free" },
244 { SMB_VFS_OP_GET_QUOTA, "get_quota" },
245 { SMB_VFS_OP_SET_QUOTA, "set_quota" },
246 { SMB_VFS_OP_GET_SHADOW_COPY_DATA, "get_shadow_copy_data" },
247 { SMB_VFS_OP_STATVFS, "statvfs" },
248 { SMB_VFS_OP_FS_CAPABILITIES, "fs_capabilities" },
249 { SMB_VFS_OP_GET_DFS_REFERRALS, "get_dfs_referrals" },
250 { SMB_VFS_OP_OPENDIR, "opendir" },
251 { SMB_VFS_OP_FDOPENDIR, "fdopendir" },
252 { SMB_VFS_OP_READDIR, "readdir" },
253 { SMB_VFS_OP_SEEKDIR, "seekdir" },
254 { SMB_VFS_OP_TELLDIR, "telldir" },
255 { SMB_VFS_OP_REWINDDIR, "rewinddir" },
256 { SMB_VFS_OP_MKDIR, "mkdir" },
257 { SMB_VFS_OP_RMDIR, "rmdir" },
258 { SMB_VFS_OP_CLOSEDIR, "closedir" },
259 { SMB_VFS_OP_INIT_SEARCH_OP, "init_search_op" },
260 { SMB_VFS_OP_OPEN, "open" },
261 { SMB_VFS_OP_CREATE_FILE, "create_file" },
262 { SMB_VFS_OP_CLOSE, "close" },
263 { SMB_VFS_OP_READ, "read" },
264 { SMB_VFS_OP_PREAD, "pread" },
265 { SMB_VFS_OP_PREAD_SEND, "pread_send" },
266 { SMB_VFS_OP_PREAD_RECV, "pread_recv" },
267 { SMB_VFS_OP_WRITE, "write" },
268 { SMB_VFS_OP_PWRITE, "pwrite" },
269 { SMB_VFS_OP_PWRITE_SEND, "pwrite_send" },
270 { SMB_VFS_OP_PWRITE_RECV, "pwrite_recv" },
271 { SMB_VFS_OP_LSEEK, "lseek" },
272 { SMB_VFS_OP_SENDFILE, "sendfile" },
273 { SMB_VFS_OP_RECVFILE, "recvfile" },
274 { SMB_VFS_OP_RENAME, "rename" },
275 { SMB_VFS_OP_FSYNC, "fsync" },
276 { SMB_VFS_OP_FSYNC_SEND, "fsync_send" },
277 { SMB_VFS_OP_FSYNC_RECV, "fsync_recv" },
278 { SMB_VFS_OP_STAT, "stat" },
279 { SMB_VFS_OP_FSTAT, "fstat" },
280 { SMB_VFS_OP_LSTAT, "lstat" },
281 { SMB_VFS_OP_GET_ALLOC_SIZE, "get_alloc_size" },
282 { SMB_VFS_OP_UNLINK, "unlink" },
283 { SMB_VFS_OP_CHMOD, "chmod" },
284 { SMB_VFS_OP_FCHMOD, "fchmod" },
285 { SMB_VFS_OP_CHOWN, "chown" },
286 { SMB_VFS_OP_FCHOWN, "fchown" },
287 { SMB_VFS_OP_LCHOWN, "lchown" },
288 { SMB_VFS_OP_CHDIR, "chdir" },
289 { SMB_VFS_OP_GETWD, "getwd" },
290 { SMB_VFS_OP_NTIMES, "ntimes" },
291 { SMB_VFS_OP_FTRUNCATE, "ftruncate" },
292 { SMB_VFS_OP_FALLOCATE,"fallocate" },
293 { SMB_VFS_OP_LOCK, "lock" },
294 { SMB_VFS_OP_KERNEL_FLOCK, "kernel_flock" },
295 { SMB_VFS_OP_LINUX_SETLEASE, "linux_setlease" },
296 { SMB_VFS_OP_GETLOCK, "getlock" },
297 { SMB_VFS_OP_SYMLINK, "symlink" },
298 { SMB_VFS_OP_READLINK, "readlink" },
299 { SMB_VFS_OP_LINK, "link" },
300 { SMB_VFS_OP_MKNOD, "mknod" },
301 { SMB_VFS_OP_REALPATH, "realpath" },
302 { SMB_VFS_OP_CHFLAGS, "chflags" },
303 { SMB_VFS_OP_FILE_ID_CREATE, "file_id_create" },
304 { SMB_VFS_OP_STREAMINFO, "streaminfo" },
305 { SMB_VFS_OP_GET_REAL_FILENAME, "get_real_filename" },
306 { SMB_VFS_OP_CONNECTPATH, "connectpath" },
307 { SMB_VFS_OP_BRL_LOCK_WINDOWS, "brl_lock_windows" },
308 { SMB_VFS_OP_BRL_UNLOCK_WINDOWS, "brl_unlock_windows" },
309 { SMB_VFS_OP_BRL_CANCEL_WINDOWS, "brl_cancel_windows" },
310 { SMB_VFS_OP_STRICT_LOCK_CHECK, "strict_lock_check" },
311 { SMB_VFS_OP_TRANSLATE_NAME, "translate_name" },
312 { SMB_VFS_OP_FSCTL, "fsctl" },
313 { SMB_VFS_OP_OFFLOAD_READ_SEND, "offload_read_send" },
314 { SMB_VFS_OP_OFFLOAD_READ_RECV, "offload_read_recv" },
315 { SMB_VFS_OP_OFFLOAD_WRITE_SEND, "offload_write_send" },
316 { SMB_VFS_OP_OFFLOAD_WRITE_RECV, "offload_write_recv" },
317 { SMB_VFS_OP_GET_COMPRESSION, "get_compression" },
318 { SMB_VFS_OP_SET_COMPRESSION, "set_compression" },
319 { SMB_VFS_OP_SNAP_CHECK_PATH, "snap_check_path" },
320 { SMB_VFS_OP_SNAP_CREATE, "snap_create" },
321 { SMB_VFS_OP_SNAP_DELETE, "snap_delete" },
322 { SMB_VFS_OP_GET_DOS_ATTRIBUTES, "get_dos_attributes" },
323 { SMB_VFS_OP_FGET_DOS_ATTRIBUTES, "fget_dos_attributes" },
324 { SMB_VFS_OP_SET_DOS_ATTRIBUTES, "set_dos_attributes" },
325 { SMB_VFS_OP_FSET_DOS_ATTRIBUTES, "fset_dos_attributes" },
326 { SMB_VFS_OP_FGET_NT_ACL, "fget_nt_acl" },
327 { SMB_VFS_OP_GET_NT_ACL, "get_nt_acl" },
328 { SMB_VFS_OP_FSET_NT_ACL, "fset_nt_acl" },
329 { SMB_VFS_OP_AUDIT_FILE, "audit_file" },
330 { SMB_VFS_OP_CHMOD_ACL, "chmod_acl" },
331 { SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
332 { SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
333 { SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
334 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
335 { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
336 { SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
337 { SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
338 { SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
339 { SMB_VFS_OP_GETXATTR, "getxattr" },
340 { SMB_VFS_OP_FGETXATTR, "fgetxattr" },
341 { SMB_VFS_OP_LISTXATTR, "listxattr" },
342 { SMB_VFS_OP_FLISTXATTR, "flistxattr" },
343 { SMB_VFS_OP_REMOVEXATTR, "removexattr" },
344 { SMB_VFS_OP_FREMOVEXATTR, "fremovexattr" },
345 { SMB_VFS_OP_SETXATTR, "setxattr" },
346 { SMB_VFS_OP_FSETXATTR, "fsetxattr" },
347 { SMB_VFS_OP_AIO_FORCE, "aio_force" },
348 { SMB_VFS_OP_IS_OFFLINE, "is_offline" },
349 { SMB_VFS_OP_SET_OFFLINE, "set_offline" },
350 { SMB_VFS_OP_DURABLE_COOKIE, "durable_cookie" },
351 { SMB_VFS_OP_DURABLE_DISCONNECT, "durable_disconnect" },
352 { SMB_VFS_OP_DURABLE_RECONNECT, "durable_reconnect" },
353 { SMB_VFS_OP_READDIR_ATTR, "readdir_attr" },
354 { SMB_VFS_OP_LAST, NULL }
355 };
356
357 static int audit_syslog_facility(vfs_handle_struct *handle)
358 {
359 static const struct enum_list enum_log_facilities[] = {
360 { LOG_USER, "USER" },
361 { LOG_LOCAL0, "LOCAL0" },
362 { LOG_LOCAL1, "LOCAL1" },
363 { LOG_LOCAL2, "LOCAL2" },
364 { LOG_LOCAL3, "LOCAL3" },
365 { LOG_LOCAL4, "LOCAL4" },
366 { LOG_LOCAL5, "LOCAL5" },
367 { LOG_LOCAL6, "LOCAL6" },
368 { LOG_LOCAL7, "LOCAL7" },
369 { -1, NULL}
370 };
371
372 int facility;
373
374 facility = lp_parm_enum(SNUM(handle->conn), "full_audit", "facility", enum_log_facilities, LOG_USER);
375
376 return facility;
377 }
378
379 static int audit_syslog_priority(vfs_handle_struct *handle)
380 {
381 static const struct enum_list enum_log_priorities[] = {
382 { LOG_EMERG, "EMERG" },
383 { LOG_ALERT, "ALERT" },
384 { LOG_CRIT, "CRIT" },
385 { LOG_ERR, "ERR" },
386 { LOG_WARNING, "WARNING" },
387 { LOG_NOTICE, "NOTICE" },
388 { LOG_INFO, "INFO" },
389 { LOG_DEBUG, "DEBUG" },
390 { -1, NULL}
391 };
392
393 int priority;
394
395 priority = lp_parm_enum(SNUM(handle->conn), "full_audit", "priority",
396 enum_log_priorities, LOG_NOTICE);
397 if (priority == -1) {
398 priority = LOG_WARNING;
399 }
400
401 return priority;
402 }
403
404 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
405 {
406 char *prefix = NULL;
407 char *result;
408
409 prefix = talloc_strdup(ctx,
410 lp_parm_const_string(SNUM(conn), "full_audit",
411 "prefix", "%u|%I"));
412 if (!prefix) {
413 return NULL;
414 }
415 result = talloc_sub_advanced(ctx,
416 lp_servicename(talloc_tos(), SNUM(conn)),
417 conn->session_info->unix_info->unix_name,
418 conn->connectpath,
419 conn->session_info->unix_token->gid,
420 conn->session_info->unix_info->sanitized_username,
421 conn->session_info->info->domain_name,
422 prefix);
423 TALLOC_FREE(prefix);
424 return result;
425 }
426
427 static bool log_success(struct vfs_full_audit_private_data *pd, vfs_op_type op)
428 {
429 if (pd->success_ops == NULL) {
430 return True;
431 }
432
433 return bitmap_query(pd->success_ops, op);
434 }
435
436 static bool log_failure(struct vfs_full_audit_private_data *pd, vfs_op_type op)
437 {
438 if (pd->failure_ops == NULL)
439 return True;
440
441 return bitmap_query(pd->failure_ops, op);
442 }
443
444 static struct bitmap *init_bitmap(TALLOC_CTX *mem_ctx, const char **ops)
445 {
446 struct bitmap *bm;
447
448 if (ops == NULL) {
449 return NULL;
450 }
451
452 bm = bitmap_talloc(mem_ctx, SMB_VFS_OP_LAST);
453 if (bm == NULL) {
454 DEBUG(0, ("Could not alloc bitmap -- "
455 "defaulting to logging everything\n"));
456 return NULL;
457 }
458
459 for (; *ops != NULL; ops += 1) {
460 int i;
461 bool neg = false;
462 const char *op;
463
464 if (strequal(*ops, "all")) {
465 for (i=0; i<SMB_VFS_OP_LAST; i++) {
466 bitmap_set(bm, i);
467 }
468 continue;
469 }
470
471 if (strequal(*ops, "none")) {
472 break;
473 }
474
475 op = ops[0];
476 if (op[0] == '!') {
477 neg = true;
478 op += 1;
479 }
480
481 for (i=0; i<SMB_VFS_OP_LAST; i++) {
482 if ((vfs_op_names[i].name == NULL)
483 || (vfs_op_names[i].type != i)) {
484 smb_panic("vfs_full_audit.c: name table not "
485 "in sync with vfs_op_type enums\n");
486 }
487 if (strequal(op, vfs_op_names[i].name)) {
488 if (neg) {
489 bitmap_clear(bm, i);
490 } else {
491 bitmap_set(bm, i);
492 }
493 break;
494 }
495 }
496 if (i == SMB_VFS_OP_LAST) {
497 DEBUG(0, ("Could not find opname %s, logging all\n",
498 *ops));
499 TALLOC_FREE(bm);
500 return NULL;
501 }
502 }
503 return bm;
504 }
505
506 static const char *audit_opname(vfs_op_type op)
507 {
508 if (op >= SMB_VFS_OP_LAST)
509 return "INVALID VFS OP";
510 return vfs_op_names[op].name;
511 }
512
513 static TALLOC_CTX *tmp_do_log_ctx;
514 /*
515 * Get us a temporary talloc context usable just for DEBUG arguments
516 */
517 static TALLOC_CTX *do_log_ctx(void)
518 {
519 if (tmp_do_log_ctx == NULL) {
520 tmp_do_log_ctx = talloc_named_const(NULL, 0, "do_log_ctx");
521 }
522 return tmp_do_log_ctx;
523 }
524
525 static void do_log(vfs_op_type op, bool success, vfs_handle_struct *handle,
526 const char *format, ...)
527 {
528 struct vfs_full_audit_private_data *pd;
529 fstring err_msg;
530 char *audit_pre = NULL;
531 va_list ap;
532 char *op_msg = NULL;
533
534 SMB_VFS_HANDLE_GET_DATA(handle, pd,
535 struct vfs_full_audit_private_data,
536 return;);
537
538 if (success && (!log_success(pd, op)))
539 goto out;
540
541 if (!success && (!log_failure(pd, op)))
542 goto out;
543
544 if (success)
545 fstrcpy(err_msg, "ok");
546 else
547 fstr_sprintf(err_msg, "fail (%s)", strerror(errno));
548
549 va_start(ap, format);
550 op_msg = talloc_vasprintf(talloc_tos(), format, ap);
551 va_end(ap);
552
553 if (!op_msg) {
554 goto out;
555 }
556
557 audit_pre = audit_prefix(talloc_tos(), handle->conn);
558
559 if (pd->do_syslog) {
560 int priority;
561
562 /*
563 * Specify the facility to interoperate with other syslog
564 * callers (smbd for example).
565 */
566 priority = pd->syslog_priority | pd->syslog_facility;
567
568 syslog(priority, "%s|%s|%s|%s\n",
569 audit_pre ? audit_pre : "",
570 audit_opname(op), err_msg, op_msg);
571 } else {
572 DEBUG(1, ("%s|%s|%s|%s\n",
573 audit_pre ? audit_pre : "",
574 audit_opname(op), err_msg, op_msg));
575 }
576 out:
577 TALLOC_FREE(audit_pre);
578 TALLOC_FREE(op_msg);
579 TALLOC_FREE(tmp_do_log_ctx);
580 }
581
582 /**
583 * Return a string using the do_log_ctx()
584 */
585 static const char *smb_fname_str_do_log(const struct smb_filename *smb_fname)
586 {
587 char *fname = NULL;
588 NTSTATUS status;
589
590 if (smb_fname == NULL) {
591 return "";
592 }
593 status = get_full_smb_filename(do_log_ctx(), smb_fname, &fname);
594 if (!NT_STATUS_IS_OK(status)) {
595 return "";
596 }
597 return fname;
598 }
599
600 /**
601 * Return an fsp debug string using the do_log_ctx()
602 */
603 static const char *fsp_str_do_log(const struct files_struct *fsp)
604 {
605 return smb_fname_str_do_log(fsp->fsp_name);
606 }
607
608 /* Implementation of vfs_ops. Pass everything on to the default
609 operation but log event first. */
610
611 static int smb_full_audit_connect(vfs_handle_struct *handle,
612 const char *svc, const char *user)
613 {
614 int result;
615 struct vfs_full_audit_private_data *pd = NULL;
616
617 result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
618 if (result < 0) {
619 return result;
620 }
621
622 pd = talloc_zero(handle, struct vfs_full_audit_private_data);
623 if (!pd) {
624 SMB_VFS_NEXT_DISCONNECT(handle);
625 return -1;
626 }
627
628 pd->syslog_facility = audit_syslog_facility(handle);
629 if (pd->syslog_facility == -1) {
630 DEBUG(1, ("%s: Unknown facility %s\n", __func__,
631 lp_parm_const_string(SNUM(handle->conn),
632 "full_audit", "facility",
633 "USER")));
634 SMB_VFS_NEXT_DISCONNECT(handle);
635 return -1;
636 }
637
638 pd->syslog_priority = audit_syslog_priority(handle);
639
640 pd->log_secdesc = lp_parm_bool(SNUM(handle->conn),
641 "full_audit", "log_secdesc", false);
642
643 pd->do_syslog = lp_parm_bool(SNUM(handle->conn),
644 "full_audit", "syslog", true);
645
646 #ifdef WITH_SYSLOG
647 if (pd->do_syslog) {
648 openlog("smbd_audit", 0, pd->syslog_facility);
649 }
650 #endif
651
652 pd->success_ops = init_bitmap(
653 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
654 "success", NULL));
655 pd->failure_ops = init_bitmap(
656 pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
657 "failure", NULL));
658
659 /* Store the private data. */
660 SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
661 struct vfs_full_audit_private_data, return -1);
662
663 do_log(SMB_VFS_OP_CONNECT, True, handle,
664 "%s", svc);
665
666 return 0;
667 }
668
669 static void smb_full_audit_disconnect(vfs_handle_struct *handle)
670 {
671 SMB_VFS_NEXT_DISCONNECT(handle);
672
673 do_log(SMB_VFS_OP_DISCONNECT, True, handle,
674 "%s", lp_servicename(talloc_tos(), SNUM(handle->conn)));
675
676 /* The bitmaps will be disconnected when the private
677 data is deleted. */
678 }
679
680 static uint64_t smb_full_audit_disk_free(vfs_handle_struct *handle,
681 const struct smb_filename *smb_fname,
682 uint64_t *bsize,
683 uint64_t *dfree,
684 uint64_t *dsize)
685 {
686 uint64_t result;
687
688 result = SMB_VFS_NEXT_DISK_FREE(handle, smb_fname, bsize, dfree, dsize);
689
690 /* Don't have a reasonable notion of failure here */
691
692 do_log(SMB_VFS_OP_DISK_FREE, True, handle, "%s", smb_fname->base_name);
693
694 return result;
695 }
696
697 static int smb_full_audit_get_quota(struct vfs_handle_struct *handle,
698 const struct smb_filename *smb_fname,
699 enum SMB_QUOTA_TYPE qtype,
700 unid_t id,
701 SMB_DISK_QUOTA *qt)
702 {
703 int result;
704
705 result = SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname, qtype, id, qt);
706
707 do_log(SMB_VFS_OP_GET_QUOTA, (result >= 0), handle, "%s",
708 smb_fname->base_name);
709
710 return result;
711 }
712
713 static int smb_full_audit_set_quota(struct vfs_handle_struct *handle,
714 enum SMB_QUOTA_TYPE qtype, unid_t id,
715 SMB_DISK_QUOTA *qt)
716 {
717 int result;
718
719 result = SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt);
720
721 do_log(SMB_VFS_OP_SET_QUOTA, (result >= 0), handle, "");
722
723 return result;
724 }
725
726 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct *handle,
727 struct files_struct *fsp,
728 struct shadow_copy_data *shadow_copy_data,
729 bool labels)
730 {
731 int result;
732
733 result = SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data, labels);
734
735 do_log(SMB_VFS_OP_GET_SHADOW_COPY_DATA, (result >= 0), handle, "");
736
737 return result;
738 }
739
740 static int smb_full_audit_statvfs(struct vfs_handle_struct *handle,
741 const struct smb_filename *smb_fname,
742 struct vfs_statvfs_struct *statbuf)
743 {
744 int result;
745
746 result = SMB_VFS_NEXT_STATVFS(handle, smb_fname, statbuf);
747
748 do_log(SMB_VFS_OP_STATVFS, (result >= 0), handle, "");
749
750 return result;
751 }
752
753 static uint32_t smb_full_audit_fs_capabilities(struct vfs_handle_struct *handle, enum timestamp_set_resolution *p_ts_res)
754 {
755 int result;
756
757 result = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
758
759 do_log(SMB_VFS_OP_FS_CAPABILITIES, true, handle, "");
760
761 return result;
762 }
763
764 static NTSTATUS smb_full_audit_get_dfs_referrals(
765 struct vfs_handle_struct *handle,
766 struct dfs_GetDFSReferral *r)
767 {
768 NTSTATUS status;
769
770 status = SMB_VFS_NEXT_GET_DFS_REFERRALS(handle, r);
771
772 do_log(SMB_VFS_OP_GET_DFS_REFERRALS, NT_STATUS_IS_OK(status),
773 handle, "");
774
775 return status;
776 }
777
778 static NTSTATUS smb_full_audit_snap_check_path(struct vfs_handle_struct *handle,
779 TALLOC_CTX *mem_ctx,
780 const char *service_path,
781 char **base_volume)
782 {
783 NTSTATUS status;
784
785 status = SMB_VFS_NEXT_SNAP_CHECK_PATH(handle, mem_ctx, service_path,
786 base_volume);
787 do_log(SMB_VFS_OP_SNAP_CHECK_PATH, NT_STATUS_IS_OK(status),
788 handle, "");
789
790 return status;
791 }
792
793 static NTSTATUS smb_full_audit_snap_create(struct vfs_handle_struct *handle,
794 TALLOC_CTX *mem_ctx,
795 const char *base_volume,
796 time_t *tstamp,
797 bool rw,
798 char **base_path,
799 char **snap_path)
800 {
801 NTSTATUS status;
802
803 status = SMB_VFS_NEXT_SNAP_CREATE(handle, mem_ctx, base_volume, tstamp,
804 rw, base_path, snap_path);
805 do_log(SMB_VFS_OP_SNAP_CREATE, NT_STATUS_IS_OK(status), handle, "");
806
807 return status;
808 }
809
810 static NTSTATUS smb_full_audit_snap_delete(struct vfs_handle_struct *handle,
811 TALLOC_CTX *mem_ctx,
812 char *base_path,
813 char *snap_path)
814 {
815 NTSTATUS status;
816
817 status = SMB_VFS_NEXT_SNAP_DELETE(handle, mem_ctx, base_path,
818 snap_path);
819 do_log(SMB_VFS_OP_SNAP_DELETE, NT_STATUS_IS_OK(status), handle, "");
820
821 return status;
822 }
823
824 static DIR *smb_full_audit_opendir(vfs_handle_struct *handle,
825 const struct smb_filename *smb_fname,
826 const char *mask,
827 uint32_t attr)
828 {
829 DIR *result;
830
831 result = SMB_VFS_NEXT_OPENDIR(handle, smb_fname, mask, attr);
832
833 do_log(SMB_VFS_OP_OPENDIR, (result != NULL), handle, "%s",
834 smb_fname->base_name);
835
836 return result;
837 }
838
839 static DIR *smb_full_audit_fdopendir(vfs_handle_struct *handle,
840 files_struct *fsp, const char *mask, uint32_t attr)
841 {
842 DIR *result;
843
844 result = SMB_VFS_NEXT_FDOPENDIR(handle, fsp, mask, attr);
845
846 do_log(SMB_VFS_OP_FDOPENDIR, (result != NULL), handle, "%s",
847 fsp_str_do_log(fsp));
848
849 return result;
850 }
851
852 static struct dirent *smb_full_audit_readdir(vfs_handle_struct *handle,
853 DIR *dirp, SMB_STRUCT_STAT *sbuf)
854 {
855 struct dirent *result;
856
857 result = SMB_VFS_NEXT_READDIR(handle, dirp, sbuf);
858
859 /* This operation has no reasonable error condition
860 * (End of dir is also failure), so always succeed.
861 */
862 do_log(SMB_VFS_OP_READDIR, True, handle, "");
863
864 return result;
865 }
866
867 static void smb_full_audit_seekdir(vfs_handle_struct *handle,
868 DIR *dirp, long offset)
869 {
870 SMB_VFS_NEXT_SEEKDIR(handle, dirp, offset);
871
872 do_log(SMB_VFS_OP_SEEKDIR, True, handle, "");
873 }
874
875 static long smb_full_audit_telldir(vfs_handle_struct *handle,
876 DIR *dirp)
877 {
878 long result;
879
880 result = SMB_VFS_NEXT_TELLDIR(handle, dirp);
881
882 do_log(SMB_VFS_OP_TELLDIR, True, handle, "");
883
884 return result;
885 }
886
887 static void smb_full_audit_rewinddir(vfs_handle_struct *handle,
888 DIR *dirp)
889 {
890 SMB_VFS_NEXT_REWINDDIR(handle, dirp);
891
892 do_log(SMB_VFS_OP_REWINDDIR, True, handle, "");
893 }
894
895 static int smb_full_audit_mkdir(vfs_handle_struct *handle,
896 const struct smb_filename *smb_fname, mode_t mode)
897 {
898 int result;
899
900 result = SMB_VFS_NEXT_MKDIR(handle, smb_fname, mode);
901
902 do_log(SMB_VFS_OP_MKDIR, (result >= 0), handle, "%s",
903 smb_fname->base_name);
904
905 return result;
906 }
907
908 static int smb_full_audit_rmdir(vfs_handle_struct *handle,
909 const struct smb_filename *smb_fname)
910 {
911 int result;
912
913 result = SMB_VFS_NEXT_RMDIR(handle, smb_fname);
914
915 do_log(SMB_VFS_OP_RMDIR, (result >= 0), handle, "%s",
916 smb_fname->base_name);
917
918 return result;
919 }
920
921 static int smb_full_audit_closedir(vfs_handle_struct *handle,
922 DIR *dirp)
923 {
924 int result;
925
926 result = SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
927
928 do_log(SMB_VFS_OP_CLOSEDIR, (result >= 0), handle, "");
929
930 return result;
931 }
932
933 static void smb_full_audit_init_search_op(vfs_handle_struct *handle,
934 DIR *dirp)
935 {
936 SMB_VFS_NEXT_INIT_SEARCH_OP(handle, dirp);
937
938 do_log(SMB_VFS_OP_INIT_SEARCH_OP, True, handle, "");
939 }
940
941 static int smb_full_audit_open(vfs_handle_struct *handle,
942 struct smb_filename *smb_fname,
943 files_struct *fsp, int flags, mode_t mode)
944 {
945 int result;
946
947 result = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
948
949 do_log(SMB_VFS_OP_OPEN, (result >= 0), handle, "%s|%s",
950 ((flags & O_WRONLY) || (flags & O_RDWR))?"w":"r",
951 smb_fname_str_do_log(smb_fname));
952
953 return result;
954 }
955
956 static NTSTATUS smb_full_audit_create_file(vfs_handle_struct *handle,
957 struct smb_request *req,
958 uint16_t root_dir_fid,
959 struct smb_filename *smb_fname,
960 uint32_t access_mask,
961 uint32_t share_access,
962 uint32_t create_disposition,
963 uint32_t create_options,
964 uint32_t file_attributes,
965 uint32_t oplock_request,
966 struct smb2_lease *lease,
967 uint64_t allocation_size,
968 uint32_t private_flags,
969 struct security_descriptor *sd,
970 struct ea_list *ea_list,
971 files_struct **result_fsp,
972 int *pinfo,
973 const struct smb2_create_blobs *in_context_blobs,
974 struct smb2_create_blobs *out_context_blobs)
975 {
976 NTSTATUS result;
977 const char* str_create_disposition;
978
979 switch (create_disposition) {
980 case FILE_SUPERSEDE:
981 str_create_disposition = "supersede";
982 break;
983 case FILE_OVERWRITE_IF:
984 str_create_disposition = "overwrite_if";
985 break;
986 case FILE_OPEN:
987 str_create_disposition = "open";
988 break;
989 case FILE_OVERWRITE:
990 str_create_disposition = "overwrite";
991 break;
992 case FILE_CREATE:
993 str_create_disposition = "create";
994 break;
995 case FILE_OPEN_IF:
996 str_create_disposition = "open_if";
997 break;
998 default:
999 str_create_disposition = "unknown";
1000 }
1001
1002 result = SMB_VFS_NEXT_CREATE_FILE(
1003 handle, /* handle */
1004 req, /* req */
1005 root_dir_fid, /* root_dir_fid */
1006 smb_fname, /* fname */
1007 access_mask, /* access_mask */
1008 share_access, /* share_access */
1009 create_disposition, /* create_disposition*/
1010 create_options, /* create_options */
1011 file_attributes, /* file_attributes */
1012 oplock_request, /* oplock_request */
1013 lease, /* lease */
1014 allocation_size, /* allocation_size */
1015 private_flags,
1016 sd, /* sd */
1017 ea_list, /* ea_list */
1018 result_fsp, /* result */
1019 pinfo, /* pinfo */
1020 in_context_blobs, out_context_blobs); /* create context */
1021
1022 do_log(SMB_VFS_OP_CREATE_FILE, (NT_STATUS_IS_OK(result)), handle,
1023 "0x%x|%s|%s|%s", access_mask,
1024 create_options & FILE_DIRECTORY_FILE ? "dir" : "file",
1025 str_create_disposition, smb_fname_str_do_log(smb_fname));
1026
1027 return result;
1028 }
1029
1030 static int smb_full_audit_close(vfs_handle_struct *handle, files_struct *fsp)
1031 {
1032 int result;
1033
1034 result = SMB_VFS_NEXT_CLOSE(handle, fsp);
1035
1036 do_log(SMB_VFS_OP_CLOSE, (result >= 0), handle, "%s",
1037 fsp_str_do_log(fsp));
1038
1039 return result;
1040 }
1041
1042 static ssize_t smb_full_audit_read(vfs_handle_struct *handle, files_struct *fsp,
1043 void *data, size_t n)
1044 {
1045 ssize_t result;
1046
1047 result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
1048
1049 do_log(SMB_VFS_OP_READ, (result >= 0), handle, "%s",
1050 fsp_str_do_log(fsp));
1051
1052 return result;
1053 }
1054
1055 static ssize_t smb_full_audit_pread(vfs_handle_struct *handle, files_struct *fsp,
1056 void *data, size_t n, off_t offset)
1057 {
1058 ssize_t result;
1059
1060 result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
1061
1062 do_log(SMB_VFS_OP_PREAD, (result >= 0), handle, "%s",
1063 fsp_str_do_log(fsp));
1064
1065 return result;
1066 }
1067
1068 struct smb_full_audit_pread_state {
1069 vfs_handle_struct *handle;
1070 files_struct *fsp;
1071 ssize_t ret;
1072 struct vfs_aio_state vfs_aio_state;
1073 };
1074
1075 static void smb_full_audit_pread_done(struct tevent_req *subreq);
1076
1077 static struct tevent_req *smb_full_audit_pread_send(
1078 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1079 struct tevent_context *ev, struct files_struct *fsp,
1080 void *data, size_t n, off_t offset)
1081 {
1082 struct tevent_req *req, *subreq;
1083 struct smb_full_audit_pread_state *state;
1084
1085 req = tevent_req_create(mem_ctx, &state,
1086 struct smb_full_audit_pread_state);
1087 if (req == NULL) {
1088 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1089 fsp_str_do_log(fsp));
1090 return NULL;
1091 }
1092 state->handle = handle;
1093 state->fsp = fsp;
1094
1095 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
1096 n, offset);
1097 if (tevent_req_nomem(subreq, req)) {
1098 do_log(SMB_VFS_OP_PREAD_SEND, false, handle, "%s",
1099 fsp_str_do_log(fsp));
1100 return tevent_req_post(req, ev);
1101 }
1102 tevent_req_set_callback(subreq, smb_full_audit_pread_done, req);
1103
1104 do_log(SMB_VFS_OP_PREAD_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1105 return req;
1106 }
1107
1108 static void smb_full_audit_pread_done(struct tevent_req *subreq)
1109 {
1110 struct tevent_req *req = tevent_req_callback_data(
1111 subreq, struct tevent_req);
1112 struct smb_full_audit_pread_state *state = tevent_req_data(
1113 req, struct smb_full_audit_pread_state);
1114
1115 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
1116 TALLOC_FREE(subreq);
1117 tevent_req_done(req);
1118 }
1119
1120 static ssize_t smb_full_audit_pread_recv(struct tevent_req *req,
1121 struct vfs_aio_state *vfs_aio_state)
1122 {
1123 struct smb_full_audit_pread_state *state = tevent_req_data(
1124 req, struct smb_full_audit_pread_state);
1125
1126 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1127 do_log(SMB_VFS_OP_PREAD_RECV, false, state->handle, "%s",
1128 fsp_str_do_log(state->fsp));
1129 return -1;
1130 }
1131
1132 do_log(SMB_VFS_OP_PREAD_RECV, (state->ret >= 0), state->handle, "%s",
1133 fsp_str_do_log(state->fsp));
1134
1135 *vfs_aio_state = state->vfs_aio_state;
1136 return state->ret;
1137 }
1138
1139 static ssize_t smb_full_audit_write(vfs_handle_struct *handle, files_struct *fsp,
1140 const void *data, size_t n)
1141 {
1142 ssize_t result;
1143
1144 result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
1145
1146 do_log(SMB_VFS_OP_WRITE, (result >= 0), handle, "%s",
1147 fsp_str_do_log(fsp));
1148
1149 return result;
1150 }
1151
1152 static ssize_t smb_full_audit_pwrite(vfs_handle_struct *handle, files_struct *fsp,
1153 const void *data, size_t n,
1154 off_t offset)
1155 {
1156 ssize_t result;
1157
1158 result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
1159
1160 do_log(SMB_VFS_OP_PWRITE, (result >= 0), handle, "%s",
1161 fsp_str_do_log(fsp));
1162
1163 return result;
1164 }
1165
1166 struct smb_full_audit_pwrite_state {
1167 vfs_handle_struct *handle;
1168 files_struct *fsp;
1169 ssize_t ret;
1170 struct vfs_aio_state vfs_aio_state;
1171 };
1172
1173 static void smb_full_audit_pwrite_done(struct tevent_req *subreq);
1174
1175 static struct tevent_req *smb_full_audit_pwrite_send(
1176 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1177 struct tevent_context *ev, struct files_struct *fsp,
1178 const void *data, size_t n, off_t offset)
1179 {
1180 struct tevent_req *req, *subreq;
1181 struct smb_full_audit_pwrite_state *state;
1182
1183 req = tevent_req_create(mem_ctx, &state,
1184 struct smb_full_audit_pwrite_state);
1185 if (req == NULL) {
1186 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1187 fsp_str_do_log(fsp));
1188 return NULL;
1189 }
1190 state->handle = handle;
1191 state->fsp = fsp;
1192
1193 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
1194 n, offset);
1195 if (tevent_req_nomem(subreq, req)) {
1196 do_log(SMB_VFS_OP_PWRITE_SEND, false, handle, "%s",
1197 fsp_str_do_log(fsp));
1198 return tevent_req_post(req, ev);
1199 }
1200 tevent_req_set_callback(subreq, smb_full_audit_pwrite_done, req);
1201
1202 do_log(SMB_VFS_OP_PWRITE_SEND, true, handle, "%s",
1203 fsp_str_do_log(fsp));
1204 return req;
1205 }
1206
1207 static void smb_full_audit_pwrite_done(struct tevent_req *subreq)
1208 {
1209 struct tevent_req *req = tevent_req_callback_data(
1210 subreq, struct tevent_req);
1211 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1212 req, struct smb_full_audit_pwrite_state);
1213
1214 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
1215 TALLOC_FREE(subreq);
1216 tevent_req_done(req);
1217 }
1218
1219 static ssize_t smb_full_audit_pwrite_recv(struct tevent_req *req,
1220 struct vfs_aio_state *vfs_aio_state)
1221 {
1222 struct smb_full_audit_pwrite_state *state = tevent_req_data(
1223 req, struct smb_full_audit_pwrite_state);
1224
1225 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1226 do_log(SMB_VFS_OP_PWRITE_RECV, false, state->handle, "%s",
1227 fsp_str_do_log(state->fsp));
1228 return -1;
1229 }
1230
1231 do_log(SMB_VFS_OP_PWRITE_RECV, (state->ret >= 0), state->handle, "%s",
1232 fsp_str_do_log(state->fsp));
1233
1234 *vfs_aio_state = state->vfs_aio_state;
1235 return state->ret;
1236 }
1237
1238 static off_t smb_full_audit_lseek(vfs_handle_struct *handle, files_struct *fsp,
1239 off_t offset, int whence)
1240 {
1241 ssize_t result;
1242
1243 result = SMB_VFS_NEXT_LSEEK(handle, fsp, offset, whence);
1244
1245 do_log(SMB_VFS_OP_LSEEK, (result != (ssize_t)-1), handle,
1246 "%s", fsp_str_do_log(fsp));
1247
1248 return result;
1249 }
1250
1251 static ssize_t smb_full_audit_sendfile(vfs_handle_struct *handle, int tofd,
1252 files_struct *fromfsp,
1253 const DATA_BLOB *hdr, off_t offset,
1254 size_t n)
1255 {
1256 ssize_t result;
1257
1258 result = SMB_VFS_NEXT_SENDFILE(handle, tofd, fromfsp, hdr, offset, n);
1259
1260 do_log(SMB_VFS_OP_SENDFILE, (result >= 0), handle,
1261 "%s", fsp_str_do_log(fromfsp));
1262
1263 return result;
1264 }
1265
1266 static ssize_t smb_full_audit_recvfile(vfs_handle_struct *handle, int fromfd,
1267 files_struct *tofsp,
1268 off_t offset,
1269 size_t n)
1270 {
1271 ssize_t result;
1272
1273 result = SMB_VFS_NEXT_RECVFILE(handle, fromfd, tofsp, offset, n);
1274
1275 do_log(SMB_VFS_OP_RECVFILE, (result >= 0), handle,
1276 "%s", fsp_str_do_log(tofsp));
1277
1278 return result;
1279 }
1280
1281 static int smb_full_audit_rename(vfs_handle_struct *handle,
1282 const struct smb_filename *smb_fname_src,
1283 const struct smb_filename *smb_fname_dst)
1284 {
1285 int result;
1286
1287 result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
1288
1289 do_log(SMB_VFS_OP_RENAME, (result >= 0), handle, "%s|%s",
1290 smb_fname_str_do_log(smb_fname_src),
1291 smb_fname_str_do_log(smb_fname_dst));
1292
1293 return result;
1294 }
1295
1296 static int smb_full_audit_fsync(vfs_handle_struct *handle, files_struct *fsp)
1297 {
1298 int result;
1299
1300 result = SMB_VFS_NEXT_FSYNC(handle, fsp);
1301
1302 do_log(SMB_VFS_OP_FSYNC, (result >= 0), handle, "%s",
1303 fsp_str_do_log(fsp));
1304
1305 return result;
1306 }
1307
1308 struct smb_full_audit_fsync_state {
1309 vfs_handle_struct *handle;
1310 files_struct *fsp;
1311 int ret;
1312 struct vfs_aio_state vfs_aio_state;
1313 };
1314
1315 static void smb_full_audit_fsync_done(struct tevent_req *subreq);
1316
1317 static struct tevent_req *smb_full_audit_fsync_send(
1318 struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx,
1319 struct tevent_context *ev, struct files_struct *fsp)
1320 {
1321 struct tevent_req *req, *subreq;
1322 struct smb_full_audit_fsync_state *state;
1323
1324 req = tevent_req_create(mem_ctx, &state,
1325 struct smb_full_audit_fsync_state);
1326 if (req == NULL) {
1327 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1328 fsp_str_do_log(fsp));
1329 return NULL;
1330 }
1331 state->handle = handle;
1332 state->fsp = fsp;
1333
1334 subreq = SMB_VFS_NEXT_FSYNC_SEND(state, ev, handle, fsp);
1335 if (tevent_req_nomem(subreq, req)) {
1336 do_log(SMB_VFS_OP_FSYNC_SEND, false, handle, "%s",
1337 fsp_str_do_log(fsp));
1338 return tevent_req_post(req, ev);
1339 }
1340 tevent_req_set_callback(subreq, smb_full_audit_fsync_done, req);
1341
1342 do_log(SMB_VFS_OP_FSYNC_SEND, true, handle, "%s", fsp_str_do_log(fsp));
1343 return req;
1344 }
1345
1346 static void smb_full_audit_fsync_done(struct tevent_req *subreq)
1347 {
1348 struct tevent_req *req = tevent_req_callback_data(
1349 subreq, struct tevent_req);
1350 struct smb_full_audit_fsync_state *state = tevent_req_data(
1351 req, struct smb_full_audit_fsync_state);
1352
1353 state->ret = SMB_VFS_FSYNC_RECV(subreq, &state->vfs_aio_state);
1354 TALLOC_FREE(subreq);
1355 tevent_req_done(req);
1356 }
1357
1358 static int smb_full_audit_fsync_recv(struct tevent_req *req,
1359 struct vfs_aio_state *vfs_aio_state)
1360 {
1361 struct smb_full_audit_fsync_state *state = tevent_req_data(
1362 req, struct smb_full_audit_fsync_state);
1363
1364 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
1365 do_log(SMB_VFS_OP_FSYNC_RECV, false, state->handle, "%s",
1366 fsp_str_do_log(state->fsp));
1367 return -1;
1368 }
1369
1370 do_log(SMB_VFS_OP_FSYNC_RECV, (state->ret >= 0), state->handle, "%s",
1371 fsp_str_do_log(state->fsp));
1372
1373 *vfs_aio_state = state->vfs_aio_state;
1374 return state->ret;
1375 }
1376
1377 static int smb_full_audit_stat(vfs_handle_struct *handle,
1378 struct smb_filename *smb_fname)
1379 {
1380 int result;
1381
1382 result = SMB_VFS_NEXT_STAT(handle, smb_fname);
1383
1384 do_log(SMB_VFS_OP_STAT, (result >= 0), handle, "%s",
1385 smb_fname_str_do_log(smb_fname));
1386
1387 return result;
1388 }
1389
1390 static int smb_full_audit_fstat(vfs_handle_struct *handle, files_struct *fsp,
1391 SMB_STRUCT_STAT *sbuf)
1392 {
1393 int result;
1394
1395 result = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1396
1397 do_log(SMB_VFS_OP_FSTAT, (result >= 0), handle, "%s",
1398 fsp_str_do_log(fsp));
1399
1400 return result;
1401 }
1402
1403 static int smb_full_audit_lstat(vfs_handle_struct *handle,
1404 struct smb_filename *smb_fname)
1405 {
1406 int result;
1407
1408 result = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1409
1410 do_log(SMB_VFS_OP_LSTAT, (result >= 0), handle, "%s",
1411 smb_fname_str_do_log(smb_fname));
1412
1413 return result;
1414 }
1415
1416 static uint64_t smb_full_audit_get_alloc_size(vfs_handle_struct *handle,
1417 files_struct *fsp, const SMB_STRUCT_STAT *sbuf)
1418 {
1419 uint64_t result;
1420
1421 result = SMB_VFS_NEXT_GET_ALLOC_SIZE(handle, fsp, sbuf);
1422
1423 do_log(SMB_VFS_OP_GET_ALLOC_SIZE, (result != (uint64_t)-1), handle,
1424 "%llu", result);
1425
1426 return result;
1427 }
1428
1429 static int smb_full_audit_unlink(vfs_handle_struct *handle,
1430 const struct smb_filename *smb_fname)
1431 {
1432 int result;
1433
1434 result = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
1435
1436 do_log(SMB_VFS_OP_UNLINK, (result >= 0), handle, "%s",
1437 smb_fname_str_do_log(smb_fname));
1438
1439 return result;
1440 }
1441
1442 static int smb_full_audit_chmod(vfs_handle_struct *handle,
1443 const struct smb_filename *smb_fname,
1444 mode_t mode)
1445 {
1446 int result;
1447
1448 result = SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
1449
1450 do_log(SMB_VFS_OP_CHMOD, (result >= 0), handle, "%s|%o",
1451 smb_fname->base_name,
1452 mode);
1453
1454 return result;
1455 }
1456
1457 static int smb_full_audit_fchmod(vfs_handle_struct *handle, files_struct *fsp,
1458 mode_t mode)
1459 {
1460 int result;
1461
1462 result = SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1463
1464 do_log(SMB_VFS_OP_FCHMOD, (result >= 0), handle,
1465 "%s|%o", fsp_str_do_log(fsp), mode);
1466
1467 return result;
1468 }
1469
1470 static int smb_full_audit_chown(vfs_handle_struct *handle,
1471 const struct smb_filename *smb_fname,
1472 uid_t uid,
1473 gid_t gid)
1474 {
1475 int result;
1476
1477 result = SMB_VFS_NEXT_CHOWN(handle, smb_fname, uid, gid);
1478
1479 do_log(SMB_VFS_OP_CHOWN, (result >= 0), handle, "%s|%ld|%ld",
1480 smb_fname->base_name, (long int)uid, (long int)gid);
1481
1482 return result;
1483 }
1484
1485 static int smb_full_audit_fchown(vfs_handle_struct *handle, files_struct *fsp,
1486 uid_t uid, gid_t gid)
1487 {
1488 int result;
1489
1490 result = SMB_VFS_NEXT_FCHOWN(handle, fsp, uid, gid);
1491
1492 do_log(SMB_VFS_OP_FCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1493 fsp_str_do_log(fsp), (long int)uid, (long int)gid);
1494
1495 return result;
1496 }
1497
1498 static int smb_full_audit_lchown(vfs_handle_struct *handle,
1499 const struct smb_filename *smb_fname,
1500 uid_t uid,
1501 gid_t gid)
1502 {
1503 int result;
1504
1505 result = SMB_VFS_NEXT_LCHOWN(handle, smb_fname, uid, gid);
1506
1507 do_log(SMB_VFS_OP_LCHOWN, (result >= 0), handle, "%s|%ld|%ld",
1508 smb_fname->base_name, (long int)uid, (long int)gid);
1509
1510 return result;
1511 }
1512
1513 static int smb_full_audit_chdir(vfs_handle_struct *handle,
1514 const struct smb_filename *smb_fname)
1515 {
1516 int result;
1517
1518 result = SMB_VFS_NEXT_CHDIR(handle, smb_fname);
1519
1520 do_log(SMB_VFS_OP_CHDIR, (result >= 0), handle, "chdir|%s",
1521 smb_fname->base_name);
1522
1523 return result;
1524 }
1525
1526 static struct smb_filename *smb_full_audit_getwd(vfs_handle_struct *handle,
1527 TALLOC_CTX *ctx)
1528 {
1529 struct smb_filename *result;
1530
1531 result = SMB_VFS_NEXT_GETWD(handle, ctx);
1532
1533 do_log(SMB_VFS_OP_GETWD, (result != NULL), handle, "%s",
1534 result == NULL? "" : result->base_name);
1535
1536 return result;
1537 }
1538
1539 static int smb_full_audit_ntimes(vfs_handle_struct *handle,
1540 const struct smb_filename *smb_fname,
1541 struct smb_file_time *ft)
1542 {
1543 int result;
1544
1545 result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1546
1547 do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
1548 smb_fname_str_do_log(smb_fname));
1549
1550 return result;
1551 }
1552
1553 static int smb_full_audit_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1554 off_t len)
1555 {
1556 int result;
1557
1558 result = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1559
1560 do_log(SMB_VFS_OP_FTRUNCATE, (result >= 0), handle,
1561 "%s", fsp_str_do_log(fsp));
1562
1563 return result;
1564 }
1565
1566 static int smb_full_audit_fallocate(vfs_handle_struct *handle, files_struct *fsp,
1567 uint32_t mode,
1568 off_t offset,
1569 off_t len)
1570 {
1571 int result;
1572
1573 result = SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1574
1575 do_log(SMB_VFS_OP_FALLOCATE, (result >= 0), handle,
1576 "%s", fsp_str_do_log(fsp));
1577
1578 return result;
1579 }
1580
1581 static bool smb_full_audit_lock(vfs_handle_struct *handle, files_struct *fsp,
1582 int op, off_t offset, off_t count, int type)
1583 {
1584 bool result;
1585
1586 result = SMB_VFS_NEXT_LOCK(handle, fsp, op, offset, count, type);
1587
1588 do_log(SMB_VFS_OP_LOCK, result, handle, "%s", fsp_str_do_log(fsp));
1589
1590 return result;
1591 }
1592
1593 static int smb_full_audit_kernel_flock(struct vfs_handle_struct *handle,
1594 struct files_struct *fsp,
1595 uint32_t share_mode, uint32_t access_mask)
1596 {
1597 int result;
1598
1599 result = SMB_VFS_NEXT_KERNEL_FLOCK(handle, fsp, share_mode, access_mask);
1600
1601 do_log(SMB_VFS_OP_KERNEL_FLOCK, (result >= 0), handle, "%s",
1602 fsp_str_do_log(fsp));
1603
1604 return result;
1605 }
1606
1607 static int smb_full_audit_linux_setlease(vfs_handle_struct *handle, files_struct *fsp,
1608 int leasetype)
1609 {
1610 int result;
1611
1612 result = SMB_VFS_NEXT_LINUX_SETLEASE(handle, fsp, leasetype);
1613
1614 do_log(SMB_VFS_OP_LINUX_SETLEASE, (result >= 0), handle, "%s",
1615 fsp_str_do_log(fsp));
1616
1617 return result;
1618 }
1619
1620 static bool smb_full_audit_getlock(vfs_handle_struct *handle, files_struct *fsp,
1621 off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
1622 {
1623 bool result;
1624
1625 result = SMB_VFS_NEXT_GETLOCK(handle, fsp, poffset, pcount, ptype, ppid);
1626
1627 do_log(SMB_VFS_OP_GETLOCK, result, handle, "%s", fsp_str_do_log(fsp));
1628
1629 return result;
1630 }
1631
1632 static int smb_full_audit_symlink(vfs_handle_struct *handle,
1633 const char *link_contents,
1634 const struct smb_filename *new_smb_fname)
1635 {
1636 int result;
1637
1638 result = SMB_VFS_NEXT_SYMLINK(handle, link_contents, new_smb_fname);
1639
1640 do_log(SMB_VFS_OP_SYMLINK, (result >= 0), handle,
1641 "%s|%s", link_contents, new_smb_fname->base_name);
1642
1643 return result;
1644 }
1645
1646 static int smb_full_audit_readlink(vfs_handle_struct *handle,
1647 const struct smb_filename *smb_fname,
1648 char *buf,
1649 size_t bufsiz)
1650 {
1651 int result;
1652
1653 result = SMB_VFS_NEXT_READLINK(handle, smb_fname, buf, bufsiz);
1654
1655 do_log(SMB_VFS_OP_READLINK, (result >= 0), handle, "%s",
1656 smb_fname->base_name);
1657
1658 return result;
1659 }
1660
1661 static int smb_full_audit_link(vfs_handle_struct *handle,
1662 const struct smb_filename *old_smb_fname,
1663 const struct smb_filename *new_smb_fname)
1664 {
1665 int result;
1666
1667 result = SMB_VFS_NEXT_LINK(handle, old_smb_fname, new_smb_fname);
1668
1669 do_log(SMB_VFS_OP_LINK, (result >= 0), handle,
1670 "%s|%s", old_smb_fname->base_name, new_smb_fname->base_name);
1671
1672 return result;
1673 }
1674
1675 static int smb_full_audit_mknod(vfs_handle_struct *handle,
1676 const struct smb_filename *smb_fname,
1677 mode_t mode,
1678 SMB_DEV_T dev)
1679 {
1680 int result;
1681
1682 result = SMB_VFS_NEXT_MKNOD(handle, smb_fname, mode, dev);
1683
1684 do_log(SMB_VFS_OP_MKNOD, (result >= 0), handle, "%s",
1685 smb_fname->base_name);
1686
1687 return result;
1688 }
1689
1690 static struct smb_filename *smb_full_audit_realpath(vfs_handle_struct *handle,
1691 TALLOC_CTX *ctx,
1692 const struct smb_filename *smb_fname)
1693 {
1694 struct smb_filename *result_fname = NULL;
1695
1696 result_fname = SMB_VFS_NEXT_REALPATH(handle, ctx, smb_fname);
1697
1698 do_log(SMB_VFS_OP_REALPATH, (result_fname != NULL), handle, "%s",
1699 smb_fname->base_name);
1700
1701 return result_fname;
1702 }
1703
1704 static int smb_full_audit_chflags(vfs_handle_struct *handle,
1705 const struct smb_filename *smb_fname,
1706 unsigned int flags)
1707 {
1708 int result;
1709
1710 result = SMB_VFS_NEXT_CHFLAGS(handle, smb_fname, flags);
1711
1712 do_log(SMB_VFS_OP_CHFLAGS, (result != 0), handle, "%s",
1713 smb_fname->base_name);
1714
1715 return result;
1716 }
1717
1718 static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
1719 const SMB_STRUCT_STAT *sbuf)
1720 {
1721 struct file_id id_zero;
1722 struct file_id result;
1723
1724 ZERO_STRUCT(id_zero);
1725
1726 result = SMB_VFS_NEXT_FILE_ID_CREATE(handle, sbuf);
1727
1728 do_log(SMB_VFS_OP_FILE_ID_CREATE,
1729 !file_id_equal(&id_zero, &result),
1730 handle, "%s", file_id_string_tos(&result));
1731
1732 return result;
1733 }
1734
1735 static NTSTATUS smb_full_audit_streaminfo(vfs_handle_struct *handle,
1736 struct files_struct *fsp,
1737 const struct smb_filename *smb_fname,
1738 TALLOC_CTX *mem_ctx,
1739 unsigned int *pnum_streams,
1740 struct stream_struct **pstreams)
1741 {
1742 NTSTATUS result;
1743
1744 result = SMB_VFS_NEXT_STREAMINFO(handle, fsp, smb_fname, mem_ctx,
1745 pnum_streams, pstreams);
1746
1747 do_log(SMB_VFS_OP_STREAMINFO, NT_STATUS_IS_OK(result), handle,
1748 "%s", smb_fname->base_name);
1749
1750 return result;
1751 }
1752
1753 static int smb_full_audit_get_real_filename(struct vfs_handle_struct *handle,
1754 const char *path,
1755 const char *name,
1756 TALLOC_CTX *mem_ctx,
1757 char **found_name)
1758 {
1759 int result;
1760
1761 result = SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name, mem_ctx,
1762 found_name);
1763
1764 do_log(SMB_VFS_OP_GET_REAL_FILENAME, (result == 0), handle,
1765 "%s/%s->%s", path, name, (result == 0) ? "" : *found_name);
1766
1767 return result;
1768 }
1769
1770 static const char *smb_full_audit_connectpath(vfs_handle_struct *handle,
1771 const struct smb_filename *smb_fname)
1772 {
1773 const char *result;
1774
1775 result = SMB_VFS_NEXT_CONNECTPATH(handle, smb_fname);
1776
1777 do_log(SMB_VFS_OP_CONNECTPATH, result != NULL, handle,
1778 "%s", smb_fname->base_name);
1779
1780 return result;
1781 }
1782
1783 static NTSTATUS smb_full_audit_brl_lock_windows(struct vfs_handle_struct *handle,
1784 struct byte_range_lock *br_lck,
1785 struct lock_struct *plock,
1786 bool blocking_lock)
1787 {
1788 NTSTATUS result;
1789
1790 result = SMB_VFS_NEXT_BRL_LOCK_WINDOWS(handle, br_lck, plock,
1791 blocking_lock);
1792
1793 do_log(SMB_VFS_OP_BRL_LOCK_WINDOWS, NT_STATUS_IS_OK(result), handle,
1794 "%s:%llu-%llu. type=%d. blocking=%d",
1795 fsp_str_do_log(brl_fsp(br_lck)),
1796 plock->start, plock->size, plock->lock_type, blocking_lock);
1797
1798 return result;
1799 }
1800
1801 static bool smb_full_audit_brl_unlock_windows(struct vfs_handle_struct *handle,
1802 struct messaging_context *msg_ctx,
1803 struct byte_range_lock *br_lck,
1804 const struct lock_struct *plock)
1805 {
1806 bool result;
1807
1808 result = SMB_VFS_NEXT_BRL_UNLOCK_WINDOWS(handle, msg_ctx, br_lck,
1809 plock);
1810
1811 do_log(SMB_VFS_OP_BRL_UNLOCK_WINDOWS, (result == 0), handle,
1812 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1813 plock->start,
1814 plock->size, plock->lock_type);
1815
1816 return result;
1817 }
1818
1819 static bool smb_full_audit_brl_cancel_windows(struct vfs_handle_struct *handle,
1820 struct byte_range_lock *br_lck,
1821 struct lock_struct *plock)
1822 {
1823 bool result;
1824
1825 result = SMB_VFS_NEXT_BRL_CANCEL_WINDOWS(handle, br_lck, plock);
1826
1827 do_log(SMB_VFS_OP_BRL_CANCEL_WINDOWS, (result == 0), handle,
1828 "%s:%llu-%llu:%d", fsp_str_do_log(brl_fsp(br_lck)),
1829 plock->start,
1830 plock->size, plock->lock_type);
1831
1832 return result;
1833 }
1834
1835 static bool smb_full_audit_strict_lock_check(struct vfs_handle_struct *handle,
1836 struct files_struct *fsp,
1837 struct lock_struct *plock)
1838 {
1839 bool result;
1840
1841 result = SMB_VFS_NEXT_STRICT_LOCK_CHECK(handle, fsp, plock);
1842
1843 do_log(SMB_VFS_OP_STRICT_LOCK_CHECK, result, handle,
1844 "%s:%llu-%llu:%d", fsp_str_do_log(fsp), plock->start,
1845 plock->size, plock->lock_type);
1846
1847 return result;
1848 }
1849
1850 static NTSTATUS smb_full_audit_translate_name(struct vfs_handle_struct *handle,
1851 const char *name,
1852 enum vfs_translate_direction direction,
1853 TALLOC_CTX *mem_ctx,
1854 char **mapped_name)
1855 {
1856 NTSTATUS result;
1857
1858 result = SMB_VFS_NEXT_TRANSLATE_NAME(handle, name, direction, mem_ctx,
1859 mapped_name);
1860
1861 do_log(SMB_VFS_OP_TRANSLATE_NAME, NT_STATUS_IS_OK(result), handle, "");
1862
1863 return result;
1864 }
1865
1866 static NTSTATUS smb_full_audit_fsctl(struct vfs_handle_struct *handle,
1867 struct files_struct *fsp,
1868 TALLOC_CTX *ctx,
1869 uint32_t function,
1870 uint16_t req_flags,
1871 const uint8_t *_in_data,
1872 uint32_t in_len,
1873 uint8_t **_out_data,
1874 uint32_t max_out_len,
1875 uint32_t *out_len)
1876 {
1877 NTSTATUS result;
1878
1879 result = SMB_VFS_NEXT_FSCTL(handle,
1880 fsp,
1881 ctx,
1882 function,
1883 req_flags,
1884 _in_data,
1885 in_len,
1886 _out_data,
1887 max_out_len,
1888 out_len);
1889
1890 do_log(SMB_VFS_OP_FSCTL, NT_STATUS_IS_OK(result), handle, "");
1891
1892 return result;
1893 }
1894
1895 static struct tevent_req *smb_full_audit_offload_read_send(
1896 TALLOC_CTX *mem_ctx,
1897 struct tevent_context *ev,
1898 struct vfs_handle_struct *handle,
1899 struct files_struct *fsp,
1900 uint32_t fsctl,
1901 uint32_t ttl,
1902 off_t offset,
1903 size_t to_copy)
1904 {
1905 struct tevent_req *req = NULL;
1906
1907 req = SMB_VFS_NEXT_OFFLOAD_READ_SEND(mem_ctx, ev, handle, fsp,
1908 fsctl, ttl, offset, to_copy);
1909
1910 do_log(SMB_VFS_OP_OFFLOAD_READ_SEND, req, handle, "");
1911
1912 return req;
1913 }
1914
1915 static NTSTATUS smb_full_audit_offload_read_recv(
1916 struct tevent_req *req,
1917 struct vfs_handle_struct *handle,
1918 TALLOC_CTX *mem_ctx,
1919 DATA_BLOB *_token_blob)
1920 {
1921 NTSTATUS status;
1922
1923 status = SMB_VFS_NEXT_OFFLOAD_READ_RECV(req, handle, mem_ctx,
1924 _token_blob);
1925
1926 do_log(SMB_VFS_OP_OFFLOAD_READ_RECV, NT_STATUS_IS_OK(status), handle, "");
1927
1928 return status;
1929 }
1930
1931 static struct tevent_req *smb_full_audit_offload_write_send(struct vfs_handle_struct *handle,
1932 TALLOC_CTX *mem_ctx,
1933 struct tevent_context *ev,
1934 uint32_t fsctl,
1935 DATA_BLOB *token,
1936 off_t transfer_offset,
1937 struct files_struct *dest_fsp,
1938 off_t dest_off,
1939 off_t num)
1940 {
1941 struct tevent_req *req;
1942
1943 req = SMB_VFS_NEXT_OFFLOAD_WRITE_SEND(handle, mem_ctx, ev,
1944 fsctl, token, transfer_offset,
1945 dest_fsp, dest_off, num);
1946
1947 do_log(SMB_VFS_OP_OFFLOAD_WRITE_SEND, req, handle, "");
1948
1949 return req;
1950 }
1951
1952 static NTSTATUS smb_full_audit_offload_write_recv(struct vfs_handle_struct *handle,
1953 struct tevent_req *req,
1954 off_t *copied)
1955 {
1956 NTSTATUS result;
1957
1958 result = SMB_VFS_NEXT_OFFLOAD_WRITE_RECV(handle, req, copied);
1959
1960 do_log(SMB_VFS_OP_OFFLOAD_WRITE_RECV, NT_STATUS_IS_OK(result), handle, "");
1961
1962 return result;
1963 }
1964
1965 static NTSTATUS smb_full_audit_get_compression(vfs_handle_struct *handle,
1966 TALLOC_CTX *mem_ctx,
1967 struct files_struct *fsp,
1968 struct smb_filename *smb_fname,
1969 uint16_t *_compression_fmt)
1970 {
1971 NTSTATUS result;
1972
1973 result = SMB_VFS_NEXT_GET_COMPRESSION(handle, mem_ctx, fsp, smb_fname,
1974 _compression_fmt);
1975
1976 do_log(SMB_VFS_OP_GET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
1977 "%s",
1978 (fsp ? fsp_str_do_log(fsp) : smb_fname_str_do_log(smb_fname)));
1979
1980 return result;
1981 }
1982
1983 static NTSTATUS smb_full_audit_set_compression(vfs_handle_struct *handle,
1984 TALLOC_CTX *mem_ctx,
1985 struct files_struct *fsp,
1986 uint16_t compression_fmt)
1987 {
1988 NTSTATUS result;
1989
1990 result = SMB_VFS_NEXT_SET_COMPRESSION(handle, mem_ctx, fsp,
1991 compression_fmt);
1992
1993 do_log(SMB_VFS_OP_SET_COMPRESSION, NT_STATUS_IS_OK(result), handle,
1994 "%s", fsp_str_do_log(fsp));
1995
1996 return result;
1997 }
1998
1999 static NTSTATUS smb_full_audit_readdir_attr(struct vfs_handle_struct *handle,
2000 const struct smb_filename *fname,
2001 TALLOC_CTX *mem_ctx,
2002 struct readdir_attr_data **pattr_data)
2003 {
2004 NTSTATUS status;
2005
2006 status = SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
2007
2008 do_log(SMB_VFS_OP_READDIR_ATTR, NT_STATUS_IS_OK(status), handle, "%s",
2009 smb_fname_str_do_log(fname));
2010
2011 return status;
2012 }
2013
2014 static NTSTATUS smb_full_audit_get_dos_attributes(
2015 struct vfs_handle_struct *handle,
2016 struct smb_filename *smb_fname,
2017 uint32_t *dosmode)
2018 {
2019 NTSTATUS status;
2020
2021 status = SMB_VFS_NEXT_GET_DOS_ATTRIBUTES(handle,
2022 smb_fname,
2023 dosmode);
2024
2025 do_log(SMB_VFS_OP_GET_DOS_ATTRIBUTES,
2026 NT_STATUS_IS_OK(status),
2027 handle,
2028 "%s",
2029 smb_fname_str_do_log(smb_fname));
2030
2031 return status;
2032 }
2033
2034 static NTSTATUS smb_full_audit_fget_dos_attributes(
2035 struct vfs_handle_struct *handle,
2036 struct files_struct *fsp,
2037 uint32_t *dosmode)
2038 {
2039 NTSTATUS status;
2040
2041 status = SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle,
2042 fsp,
2043 dosmode);
2044
2045 do_log(SMB_VFS_OP_FGET_DOS_ATTRIBUTES,
2046 NT_STATUS_IS_OK(status),
2047 handle,
2048 "%s",
2049 fsp_str_do_log(fsp));
2050
2051 return status;
2052 }
2053
2054 static NTSTATUS smb_full_audit_set_dos_attributes(
2055 struct vfs_handle_struct *handle,
2056 const struct smb_filename *smb_fname,
2057 uint32_t dosmode)
2058 {
2059 NTSTATUS status;
2060
2061 status = SMB_VFS_NEXT_SET_DOS_ATTRIBUTES(handle,
2062 smb_fname,
2063 dosmode);
2064
2065 do_log(SMB_VFS_OP_SET_DOS_ATTRIBUTES,
2066 NT_STATUS_IS_OK(status),
2067 handle,
2068 "%s",
2069 smb_fname_str_do_log(smb_fname));
2070
2071 return status;
2072 }
2073
2074 static NTSTATUS smb_full_audit_fset_dos_attributes(
2075 struct vfs_handle_struct *handle,
2076 struct files_struct *fsp,
2077 uint32_t dosmode)
2078 {
2079 NTSTATUS status;
2080
2081 status = SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle,
2082 fsp,
2083 dosmode);
2084
2085 do_log(SMB_VFS_OP_FSET_DOS_ATTRIBUTES,
2086 NT_STATUS_IS_OK(status),
2087 handle,
2088 "%s",
2089 fsp_str_do_log(fsp));
2090
2091 return status;
2092 }
2093
2094 static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2095 uint32_t security_info,
2096 TALLOC_CTX *mem_ctx,
2097 struct security_descriptor **ppdesc)
2098 {
2099 NTSTATUS result;
2100
2101 result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
2102 mem_ctx, ppdesc);
2103
2104 do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2105 "%s", fsp_str_do_log(fsp));
2106
2107 return result;
2108 }
2109
2110 static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
2111 const struct smb_filename *smb_fname,
2112 uint32_t security_info,
2113 TALLOC_CTX *mem_ctx,
2114 struct security_descriptor **ppdesc)
2115 {
2116 NTSTATUS result;
2117
2118 result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
2119 mem_ctx, ppdesc);
2120
2121 do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2122 "%s", smb_fname_str_do_log(smb_fname));
2123
2124 return result;
2125 }
2126
2127 static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
2128 uint32_t security_info_sent,
2129 const struct security_descriptor *psd)
2130 {
2131 struct vfs_full_audit_private_data *pd;
2132 NTSTATUS result;
2133 char *sd = NULL;
2134
2135 SMB_VFS_HANDLE_GET_DATA(handle, pd,
2136 struct vfs_full_audit_private_data,
2137 return NT_STATUS_INTERNAL_ERROR);
2138
2139 if (pd->log_secdesc) {
2140 sd = sddl_encode(talloc_tos(), psd, get_global_sam_sid());
2141 }
2142
2143 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
2144
2145 do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle,
2146 "%s [%s]", fsp_str_do_log(fsp), sd ? sd : "");
2147
2148 TALLOC_FREE(sd);
2149
2150 return result;
2151 }
2152
2153 static NTSTATUS smb_full_audit_audit_file(struct vfs_handle_struct *handle,
2154 struct smb_filename *file,
2155 struct security_acl *sacl,
2156 uint32_t access_requested,
2157 uint32_t access_denied)
2158 {
2159 NTSTATUS result;
2160
2161 result = SMB_VFS_NEXT_AUDIT_FILE(handle,
2162 file,
2163 sacl,
2164 access_requested,
2165 access_denied);
2166
2167 do_log(SMB_VFS_OP_AUDIT_FILE, NT_STATUS_IS_OK(result), handle,
2168 "%s", smb_fname_str_do_log(file));
2169
2170 return result;
2171 }
2172
2173 static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
2174 const struct smb_filename *smb_fname,
2175 mode_t mode)
2176 {
2177 int result;
2178
2179 result = SMB_VFS_NEXT_CHMOD_ACL(handle, smb_fname, mode);
2180
2181 do_log(SMB_VFS_OP_CHMOD_ACL, (result >= 0), handle,
2182 "%s|%o", smb_fname->base_name, mode);
2183
2184 return result;
2185 }
2186
2187 static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
2188 mode_t mode)
2189 {
2190 int result;
2191
2192 result = SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
2193
2194 do_log(SMB_VFS_OP_FCHMOD_ACL, (result >= 0), handle,
2195 "%s|%o", fsp_str_do_log(fsp), mode);
2196
2197 return result;
2198 }
2199
2200 static SMB_ACL_T smb_full_audit_sys_acl_get_file(vfs_handle_struct *handle,
2201 const struct smb_filename *smb_fname,
2202 SMB_ACL_TYPE_T type,
2203 TALLOC_CTX *mem_ctx)
2204 {
2205 SMB_ACL_T result;
2206
2207 result = SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname,
2208 type, mem_ctx);
2209
2210 do_log(SMB_VFS_OP_SYS_ACL_GET_FILE, (result != NULL), handle,
2211 "%s", smb_fname->base_name);
2212
2213 return result;
2214 }
2215
2216 static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle,
2217 files_struct *fsp, TALLOC_CTX *mem_ctx)
2218 {
2219 SMB_ACL_T result;
2220
2221 result = SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
2222
2223 do_log(SMB_VFS_OP_SYS_ACL_GET_FD, (result != NULL), handle,
2224 "%s", fsp_str_do_log(fsp));
2225
2226 return result;
2227 }
2228
2229 static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
2230 const struct smb_filename *smb_fname,
2231 TALLOC_CTX *mem_ctx,
2232 char **blob_description,
2233 DATA_BLOB *blob)
2234 {
2235 int result;
2236
2237 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, smb_fname,
2238 mem_ctx, blob_description, blob);
2239
2240 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
2241 "%s", smb_fname->base_name);
2242
2243 return result;
2244 }
2245
2246 static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
2247 files_struct *fsp,
2248 TALLOC_CTX *mem_ctx,
2249 char **blob_description,
2250 DATA_BLOB *blob)
2251 {
2252 int result;
2253
2254 result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
2255
2256 do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
2257 "%s", fsp_str_do_log(fsp));
2258
2259 return result;
2260 }
2261
2262 static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
2263 const struct smb_filename *smb_fname,
2264 SMB_ACL_TYPE_T acltype,
2265 SMB_ACL_T theacl)
2266 {
2267 int result;
2268
2269 result = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, smb_fname, acltype,
2270 theacl);
2271
2272 do_log(SMB_VFS_OP_SYS_ACL_SET_FILE, (result >= 0), handle,
2273 "%s", smb_fname->base_name);
2274
2275 return result;
2276 }
2277
2278 static int smb_full_audit_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
2279 SMB_ACL_T theacl)
2280 {
2281 int result;
2282
2283 result = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
2284
2285 do_log(SMB_VFS_OP_SYS_ACL_SET_FD, (result >= 0), handle,
2286 "%s", fsp_str_do_log(fsp));
2287
2288 return result;
2289 }
2290
2291 static int smb_full_audit_sys_acl_delete_def_file(vfs_handle_struct *handle,
2292 const struct smb_filename *smb_fname)
2293 {
2294 int result;
2295
2296 result = SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, smb_fname);
2297
2298 do_log(SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, (result >= 0), handle,
2299 "%s", smb_fname->base_name);
2300
2301 return result;
2302 }
2303
2304 static ssize_t smb_full_audit_getxattr(struct vfs_handle_struct *handle,
2305 const struct smb_filename *smb_fname,
2306 const char *name, void *value, size_t size)
2307 {
2308 ssize_t result;
2309
2310 result = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, name, value, size);
2311
2312 do_log(SMB_VFS_OP_GETXATTR, (result >= 0), handle,
2313 "%s|%s", smb_fname->base_name, name);
2314
2315 return result;
2316 }
2317
2318 static ssize_t smb_full_audit_fgetxattr(struct vfs_handle_struct *handle,
2319 struct files_struct *fsp,
2320 const char *name, void *value, size_t size)
2321 {
2322 ssize_t result;
2323
2324 result = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, value, size);
2325
2326 do_log(SMB_VFS_OP_FGETXATTR, (result >= 0), handle,
2327 "%s|%s", fsp_str_do_log(fsp), name);
2328
2329 return result;
2330 }
2331
2332 static ssize_t smb_full_audit_listxattr(struct vfs_handle_struct *handle,
2333 const struct smb_filename *smb_fname,
2334 char *list,
2335 size_t size)
2336 {
2337 ssize_t result;
2338
2339 result = SMB_VFS_NEXT_LISTXATTR(handle, smb_fname, list, size);
2340
2341 do_log(SMB_VFS_OP_LISTXATTR, (result >= 0), handle, "%s",
2342 smb_fname->base_name);
2343
2344 return result;
2345 }
2346
2347 static ssize_t smb_full_audit_flistxattr(struct vfs_handle_struct *handle,
2348 struct files_struct *fsp, char *list,
2349 size_t size)
2350 {
2351 ssize_t result;
2352
2353 result = SMB_VFS_NEXT_FLISTXATTR(handle, fsp, list, size);
2354
2355 do_log(SMB_VFS_OP_FLISTXATTR, (result >= 0), handle,
2356 "%s", fsp_str_do_log(fsp));
2357
2358 return result;
2359 }
2360
2361 static int smb_full_audit_removexattr(struct vfs_handle_struct *handle,
2362 const struct smb_filename *smb_fname,
2363 const char *name)
2364 {
2365 int result;
2366
2367 result = SMB_VFS_NEXT_REMOVEXATTR(handle, smb_fname, name);
2368
2369 do_log(SMB_VFS_OP_REMOVEXATTR, (result >= 0), handle,
2370 "%s|%s", smb_fname->base_name, name);
2371
2372 return result;
2373 }
2374
2375 static int smb_full_audit_fremovexattr(struct vfs_handle_struct *handle,
2376 struct files_struct *fsp,
2377 const char *name)
2378 {
2379 int result;
2380
2381 result = SMB_VFS_NEXT_FREMOVEXATTR(handle, fsp, name);
2382
2383 do_log(SMB_VFS_OP_FREMOVEXATTR, (result >= 0), handle,
2384 "%s|%s", fsp_str_do_log(fsp), name);
2385
2386 return result;
2387 }
2388
2389 static int smb_full_audit_setxattr(struct vfs_handle_struct *handle,
2390 const struct smb_filename *smb_fname,
2391 const char *name, const void *value, size_t size,
2392 int flags)
2393 {
2394 int result;
2395
2396 result = SMB_VFS_NEXT_SETXATTR(handle, smb_fname, name, value, size,
2397 flags);
2398
2399 do_log(SMB_VFS_OP_SETXATTR, (result >= 0), handle,
2400 "%s|%s", smb_fname->base_name, name);
2401
2402 return result;
2403 }
2404
2405 static int smb_full_audit_fsetxattr(struct vfs_handle_struct *handle,
2406 struct files_struct *fsp, const char *name,
2407 const void *value, size_t size, int flags)
2408 {
2409 int result;
2410
2411 result = SMB_VFS_NEXT_FSETXATTR(handle, fsp, name, value, size, flags);
2412
2413 do_log(SMB_VFS_OP_FSETXATTR, (result >= 0), handle,
2414 "%s|%s", fsp_str_do_log(fsp), name);
2415
2416 return result;
2417 }
2418
2419 static bool smb_full_audit_aio_force(struct vfs_handle_struct *handle,
2420 struct files_struct *fsp)
2421 {
2422 bool result;
2423
2424 result = SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
2425 do_log(SMB_VFS_OP_AIO_FORCE, result, handle,
2426 "%s", fsp_str_do_log(fsp));
2427
2428 return result;
2429 }
2430
2431 static NTSTATUS smb_full_audit_durable_cookie(struct vfs_handle_struct *handle,
2432 struct files_struct *fsp,
2433 TALLOC_CTX *mem_ctx,
2434 DATA_BLOB *cookie)
2435 {
2436 NTSTATUS result;
2437
2438 result = SMB_VFS_NEXT_DURABLE_COOKIE(handle,
2439 fsp,
2440 mem_ctx,
2441 cookie);
2442
2443 do_log(SMB_VFS_OP_DURABLE_COOKIE, NT_STATUS_IS_OK(result), handle,
2444 "%s", fsp_str_do_log(fsp));
2445
2446 return result;
2447 }
2448
2449 static NTSTATUS smb_full_audit_durable_disconnect(
2450 struct vfs_handle_struct *handle,
2451 struct files_struct *fsp,
2452 const DATA_BLOB old_cookie,
2453 TALLOC_CTX *mem_ctx,
2454 DATA_BLOB *new_cookie)
2455 {
2456 NTSTATUS result;
2457
2458 result = SMB_VFS_NEXT_DURABLE_DISCONNECT(handle,
2459 fsp,
2460 old_cookie,
2461 mem_ctx,
2462 new_cookie);
2463
2464 do_log(SMB_VFS_OP_DURABLE_DISCONNECT, NT_STATUS_IS_OK(result), handle,
2465 "%s", fsp_str_do_log(fsp));
2466
2467 return result;
2468 }
2469
2470 static NTSTATUS smb_full_audit_durable_reconnect(
2471 struct vfs_handle_struct *handle,
2472 struct smb_request *smb1req,
2473 struct smbXsrv_open *op,
2474 const DATA_BLOB old_cookie,
2475 TALLOC_CTX *mem_ctx,
2476 struct files_struct **fsp,
2477 DATA_BLOB *new_cookie)
2478 {
2479 NTSTATUS result;
2480
2481 result = SMB_VFS_NEXT_DURABLE_RECONNECT(handle,
2482 smb1req,
2483 op,
2484 old_cookie,
2485 mem_ctx,
2486 fsp,
2487 new_cookie);
2488
2489 do_log(SMB_VFS_OP_DURABLE_RECONNECT,
2490 NT_STATUS_IS_OK(result),
2491 handle,
2492 "");
2493
2494 return result;
2495 }
2496
2497 static struct vfs_fn_pointers vfs_full_audit_fns = {
2498
2499 /* Disk operations */
2500
2501 .connect_fn = smb_full_audit_connect,
2502 .disconnect_fn = smb_full_audit_disconnect,
2503 .disk_free_fn = smb_full_audit_disk_free,
2504 .get_quota_fn = smb_full_audit_get_quota,
2505 .set_quota_fn = smb_full_audit_set_quota,
2506 .get_shadow_copy_data_fn = smb_full_audit_get_shadow_copy_data,
2507 .statvfs_fn = smb_full_audit_statvfs,
2508 .fs_capabilities_fn = smb_full_audit_fs_capabilities,
2509 .get_dfs_referrals_fn = smb_full_audit_get_dfs_referrals,
2510 .opendir_fn = smb_full_audit_opendir,
2511 .fdopendir_fn = smb_full_audit_fdopendir,
2512 .readdir_fn = smb_full_audit_readdir,
2513 .seekdir_fn = smb_full_audit_seekdir,
2514 .telldir_fn = smb_full_audit_telldir,
2515 .rewind_dir_fn = smb_full_audit_rewinddir,
2516 .mkdir_fn = smb_full_audit_mkdir,
2517 .rmdir_fn = smb_full_audit_rmdir,
2518 .closedir_fn = smb_full_audit_closedir,
2519 .init_search_op_fn = smb_full_audit_init_search_op,
2520 .open_fn = smb_full_audit_open,
2521 .create_file_fn = smb_full_audit_create_file,
2522 .close_fn = smb_full_audit_close,
2523 .read_fn = smb_full_audit_read,
2524 .pread_fn = smb_full_audit_pread,
2525 .pread_send_fn = smb_full_audit_pread_send,
2526 .pread_recv_fn = smb_full_audit_pread_recv,
2527 .write_fn = smb_full_audit_write,
2528 .pwrite_fn = smb_full_audit_pwrite,
2529 .pwrite_send_fn = smb_full_audit_pwrite_send,
2530 .pwrite_recv_fn = smb_full_audit_pwrite_recv,
2531 .lseek_fn = smb_full_audit_lseek,
2532 .sendfile_fn = smb_full_audit_sendfile,
2533 .recvfile_fn = smb_full_audit_recvfile,
2534 .rename_fn = smb_full_audit_rename,
2535 .fsync_fn = smb_full_audit_fsync,
2536 .fsync_send_fn = smb_full_audit_fsync_send,
2537 .fsync_recv_fn = smb_full_audit_fsync_recv,
2538 .stat_fn = smb_full_audit_stat,
2539 .fstat_fn = smb_full_audit_fstat,
2540 .lstat_fn = smb_full_audit_lstat,
2541 .get_alloc_size_fn = smb_full_audit_get_alloc_size,
2542 .unlink_fn = smb_full_audit_unlink,
2543 .chmod_fn = smb_full_audit_chmod,
2544 .fchmod_fn = smb_full_audit_fchmod,
2545 .chown_fn = smb_full_audit_chown,
2546 .fchown_fn = smb_full_audit_fchown,
2547 .lchown_fn = smb_full_audit_lchown,
2548 .chdir_fn = smb_full_audit_chdir,
2549 .getwd_fn = smb_full_audit_getwd,
2550 .ntimes_fn = smb_full_audit_ntimes,
2551 .ftruncate_fn = smb_full_audit_ftruncate,
2552 .fallocate_fn = smb_full_audit_fallocate,
2553 .lock_fn = smb_full_audit_lock,
2554 .kernel_flock_fn = smb_full_audit_kernel_flock,
2555 .linux_setlease_fn = smb_full_audit_linux_setlease,
2556 .getlock_fn = smb_full_audit_getlock,
2557 .symlink_fn = smb_full_audit_symlink,
2558 .readlink_fn = smb_full_audit_readlink,
2559 .link_fn = smb_full_audit_link,
2560 .mknod_fn = smb_full_audit_mknod,
2561 .realpath_fn = smb_full_audit_realpath,
2562 .chflags_fn = smb_full_audit_chflags,
2563 .file_id_create_fn = smb_full_audit_file_id_create,
2564 .offload_read_send_fn = smb_full_audit_offload_read_send,
2565 .offload_read_recv_fn = smb_full_audit_offload_read_recv,
2566 .offload_write_send_fn = smb_full_audit_offload_write_send,
2567 .offload_write_recv_fn = smb_full_audit_offload_write_recv,
2568 .get_compression_fn = smb_full_audit_get_compression,
2569 .set_compression_fn = smb_full_audit_set_compression,
2570 .snap_check_path_fn = smb_full_audit_snap_check_path,
2571 .snap_create_fn = smb_full_audit_snap_create,
2572 .snap_delete_fn = smb_full_audit_snap_delete,
2573 .streaminfo_fn = smb_full_audit_streaminfo,
2574 .get_real_filename_fn = smb_full_audit_get_real_filename,
2575 .connectpath_fn = smb_full_audit_connectpath,
2576 .brl_lock_windows_fn = smb_full_audit_brl_lock_windows,
2577 .brl_unlock_windows_fn = smb_full_audit_brl_unlock_windows,
2578 .brl_cancel_windows_fn = smb_full_audit_brl_cancel_windows,
2579 .strict_lock_check_fn = smb_full_audit_strict_lock_check,
2580 .translate_name_fn = smb_full_audit_translate_name,
2581 .fsctl_fn = smb_full_audit_fsctl,
2582 .get_dos_attributes_fn = smb_full_audit_get_dos_attributes,
2583 .fget_dos_attributes_fn = smb_full_audit_fget_dos_attributes,
2584 .set_dos_attributes_fn = smb_full_audit_set_dos_attributes,
2585 .fset_dos_attributes_fn = smb_full_audit_fset_dos_attributes,
2586 .fget_nt_acl_fn = smb_full_audit_fget_nt_acl,
2587 .get_nt_acl_fn = smb_full_audit_get_nt_acl,
2588 .fset_nt_acl_fn = smb_full_audit_fset_nt_acl,
2589 .audit_file_fn = smb_full_audit_audit_file,
2590 .chmod_acl_fn = smb_full_audit_chmod_acl,
2591 .fchmod_acl_fn = smb_full_audit_fchmod_acl,
2592 .sys_acl_get_file_fn = smb_full_audit_sys_acl_get_file,
2593 .sys_acl_get_fd_fn = smb_full_audit_sys_acl_get_fd,
2594 .sys_acl_blob_get_file_fn = smb_full_audit_sys_acl_blob_get_file,
2595 .sys_acl_blob_get_fd_fn = smb_full_audit_sys_acl_blob_get_fd,
2596 .sys_acl_set_file_fn = smb_full_audit_sys_acl_set_file,
2597 .sys_acl_set_fd_fn = smb_full_audit_sys_acl_set_fd,
2598 .sys_acl_delete_def_file_fn = smb_full_audit_sys_acl_delete_def_file,
2599 .getxattr_fn = smb_full_audit_getxattr,
2600 .fgetxattr_fn = smb_full_audit_fgetxattr,
2601 .listxattr_fn = smb_full_audit_listxattr,
2602 .flistxattr_fn = smb_full_audit_flistxattr,
2603 .removexattr_fn = smb_full_audit_removexattr,
2604 .fremovexattr_fn = smb_full_audit_fremovexattr,
2605 .setxattr_fn = smb_full_audit_setxattr,
2606 .fsetxattr_fn = smb_full_audit_fsetxattr,
2607 .aio_force_fn = smb_full_audit_aio_force,
2608 .durable_cookie_fn = smb_full_audit_durable_cookie,
2609 .durable_disconnect_fn = smb_full_audit_durable_disconnect,
2610 .durable_reconnect_fn = smb_full_audit_durable_reconnect,
2611 .readdir_attr_fn = smb_full_audit_readdir_attr
2612
2613 };
2614
2615 static_decl_vfs;
2616 NTSTATUS vfs_full_audit_init(TALLOC_CTX *ctx)
2617 {
2618 NTSTATUS ret;
2619
2620 smb_vfs_assert_all_fns(&vfs_full_audit_fns, "full_audit");
2621
2622 ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "full_audit",
2623 &vfs_full_audit_fns);
2624
2625 if (!NT_STATUS_IS_OK(ret))
2626 return ret;
2627
2628 vfs_full_audit_debug_level = debug_add_class("full_audit");
2629 if (vfs_full_audit_debug_level == -1) {
2630 vfs_full_audit_debug_level = DBGC_VFS;
2631 DEBUG(0, ("vfs_full_audit: Couldn't register custom debugging "
2632 "class!\n"));
2633 } else {
2634 DEBUG(10, ("vfs_full_audit: Debug class number of "
2635 "'full_audit': %d\n", vfs_full_audit_debug_level));
2636 }
2637
2638 return ret;
2639 }
Samba GIT mirror